refactor(V2): audit.py usa actor:str invece di Principal, rimuovi legacy common/auth.py

- Eliminato src/cerbero_mcp/common/auth.py (V1 Principal/TokenStore/ACL)
- audit_write_op: parametro principal:Principal → actor:str|None
- mcp_bridge.py: TokenStore → valid_tokens:set[str] (V2 bearer model)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AdrianoDev
2026-04-30 18:14:10 +02:00
parent 3868ba60ce
commit 1a1f9c43ba
3 changed files with 10 additions and 110 deletions
+4 -5
@@ -23,7 +23,6 @@ import os
from logging.handlers import TimedRotatingFileHandler
from typing import Any
from cerbero_mcp.common.auth import Principal
from cerbero_mcp.common.logging import SecretsFilter, get_json_logger
try:
@@ -67,7 +66,7 @@ def _configure_audit_sink() -> None:
def audit_write_op(
*,
principal: Principal | None,
actor: str | None = None,
action: str,
exchange: str,
target: str | None = None,
@@ -77,8 +76,8 @@ def audit_write_op(
) -> None:
"""Emit a structured audit log record per write operation.
principal: chi ha invocato (None se anonimo, ma normalmente _check
impedisce di arrivare qui senza principal).
actor: identificatore di chi ha invocato (es. "testnet", "mainnet",
oppure None per logging anonimo).
action: nome del tool (es. "place_order", "cancel_order").
exchange: identificatore servizio (deribit, bybit, alpaca, hyperliquid).
target: instrument/symbol/order_id su cui si agisce.
@@ -91,7 +90,7 @@ def audit_write_op(
"audit_event": "write_op",
"action": action,
"exchange": exchange,
"principal": principal.name if principal else None,
"actor": actor,
"target": target,
"payload": payload or {},
}
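Review bot: In the `audit_write_op` signature, `actor: str | None = None` makes attribution optional where the old `principal` argument had no default, so a call site that forgets to pass it now writes a write-op audit record with `"actor": null` instead of failing. Dropping the default (`actor: str | None,`) would keep anonymous logging an explicit choice by the caller. The docstring examples ("testnet", "mainnet") read like environment labels rather than caller identities, so if that is all callers pass, the record no longer says who invoked the tool; these hunks also do not show where the value comes from, and it should never be the bearer token itself. The record key changes from `"principal"` to `"actor"`, which any log query or alert keyed on the old name would presumably need to follow. The body of `audit_write_op` continues outside these hunks.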