feat(agent): session deletion anonymization for iOS compliance

Replace soft-delete with anonymize + hard-delete to meet iOS App Store
data retention requirements. Non-PII fields are preserved in
anonymous_session_snapshots for analytics.

- Add anonymous_session_snapshots table and ORM model
- Implement anonymizer to extract non-PII fields before deletion
- Remove points_ledger.biz_id FK constraint (snapshot-style reference)
- Preserve transaction history while allowing session deletion
- Add 14 unit tests + 1 integration test
qzl
2026-04-15 18:18:39 +08:00
parent a244eaa666
commit c2b726e7bd
10 changed files with 829 additions and 7 deletions
+3 -1
@@ -23,7 +23,7 @@ class AgentRepositoryLike(Protocol):
async def rollback(self) -> None: ...
async def delete_session(self, *, session_id: str) -> None: ...
async def delete_session(self, *, session_id: str) -> list[dict[str, str]]: ...
async def get_history_day(
self,
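Review bot: the new return annotation on delete_session, `list[dict[str, str]]`, does not say what each entry represents or which keys it carries, and nothing in this Protocol documents it. Callers written against the old `-> None` signature will discard the value without any type error, so if the list is work the caller has to finish after the session is gone (the hunk does not show what it holds), that step can be skipped unnoticed. Consider a TypedDict or small dataclass for the entry type and a one-line docstring stating what the caller is expected to do with the result.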
@@ -126,6 +126,8 @@ class AttachmentStorageLike(Protocol):
expires_in_seconds: int,
) -> str: ...
async def delete_prefix(self, *, bucket: str, prefix: str) -> int: ...
def parse_signed_url(self, url: str) -> tuple[str, str]: ...
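Review bot: `delete_prefix(self, *, bucket: str, prefix: str) -> int` leaves the prefix contract open. As declared, an empty `prefix` is a valid call and would match every object in the bucket, and a prefix that does not end in a delimiter also matches any longer key that starts with the same characters. Suggest documenting on the Protocol that implementations must reject an empty prefix and that callers pass a delimiter-terminated prefix. It would also help to state what the returned `int` counts and what happens on partial failure, since the hard-delete path described in the commit message needs to know whether anything was left behind.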