test(auth): remove duplicate CEL parse check in subscription cache key test

The CEL validity check was performed twice: once as a top-level t.Fatalf
guard before the substring subtests, and again as a redundant subtest.
Keep only the top-level guard which fails fast before running pointless
substring assertions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Mynhardt Burger <mynhardt@gmail.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: mynhardtburger

maas-controller/pkg/controller/maas/maasauthpolicy_controller_test.go

@@ -486,21 +486,4 @@ func TestMaaSAuthPolicyReconciler_SubscriptionCacheKey(t *testing.T) {
 			}
 		})
 	}
-
-	// Verify the cache key selector is a syntactically valid CEL expression.
-	// Authorino evaluates this string as CEL at runtime, so a syntax error here
-	// would cause all subscription-info cache lookups to fail silently.
-	t.Run("is valid CEL expression", func(t *testing.T) {
-		env, err := cel.NewEnv()
-		if err != nil {
-			t.Fatalf("failed to create CEL environment: %v", err)
-		}
-		ast, issues := env.Parse(cacheKeySelector)
-		if issues != nil && issues.Err() != nil {
-			t.Errorf("cache key selector is not a valid CEL expression:\n  selector: %s\n  parse error: %v", cacheKeySelector, issues.Err())
-		}
-		if ast == nil {
-			t.Errorf("CEL parse returned nil AST for selector: %s", cacheKeySelector)
-		}
-	})
 }