KV identity graph

[aram356]

Parent epic

#532

Description

Implement the KV read/write/delete layer for EC identity entries, including CAS-based concurrent write protection and consent withdrawal tombstones.

Scope: ec/kv.rs

Acceptance criteria

• KvIdentityGraph::get(ec_hash) returns Option<(KvEntry, u64)>, or None if not found.
• KvIdentityGraph::get_metadata(ec_hash) returns Option<KvMetadata> for cheap consent/country checks.
• KvIdentityGraph::create(ec_hash, &entry) writes a new entry. Returns Err if the key already exists or on KV error. No retry — callers handle conflicts.
• KvIdentityGraph::create_or_revive(ec_hash, &entry) creates a new entry OR overwrites an existing tombstone (consent.ok = false); no-ops if a live entry already exists. Called by generate_if_needed().
• KvIdentityGraph::update_last_seen(ec_hash, timestamp) updates last_seen via CAS merge, only writes if stored value is >300s old (debounce).
• KvIdentityGraph::write_withdrawal_tombstone(ec_hash) sets consent.ok = false, clears partner IDs, 24h TTL. Returns Result — callers log error and continue.
• KvIdentityGraph::delete(ec_hash) hard-deletes — IAB data deletion only, not consent withdrawal.
• kv.upsert_partner_id(ec_hash, partner_id, uid, timestamp) writes to ids[partner_id], creating a minimal live root entry if key is absent, skips if existing synced >= timestamp.
• KV schema matches §7 exactly (JSON roundtrip test).
• Unit tests cover CAS merge, tombstone write, tombstone error handling, serialization roundtrip, metadata extraction.

Spec ref

docs/internal/ssc_technical_spec.md §4, §5.4, §6.2, §7