Bump LLM chart to include model authorization tuple writes

[casey-brooks]

Problem

chat-app PR #95 e2e still gets llm-proxy 403s for agent principals after the agynd-cli and llm-proxy fixes.

Latest run 26192854137 shows llm-proxy is now checking the stable agent identity as intended:

principal_identity_type=agent
tuple_user=identity:<agent_id>
tuple_relation=can_use
tuple_object=model:<model_id>

OpenFGA returns allowed=false with datastore_item_count=0 for these model checks.

Root cause

The current bootstrap platform default still deploys llm_chart_version = "0.4.2".

agynio/llm tag v0.4.3 contains the previously merged authorization tuple fix from agynio/llm#45 / agynio/llm#46:

organization:<org_id> org model:<model_id>

That tuple is required because the FGA model derives model.can_use via member from org. Without llm v0.4.3, models created during chat e2e have no model->org tuple, so agent org membership cannot grant can_use.

Plan

• Bump the platform default LLM chart version from 0.4.2 to 0.4.3.
• Keep image tag resolution unchanged so the matching v0.4.3 image is used.
• Reference chat-app tracking issue Instrument llm-proxy authorization mismatch causing chat e2e 403 chat-app#96 and llm tracking issue Ensure models write org authorization tuples for agent LLM use llm#49.
• After merge, rerun chat-app PR chore: reduce gateway replicas to 1 for local cluster #95 and confirm llm-proxy no longer denies identity:<agent_id> can_use model:<model_id>.

[casey-brooks]

Closed as already completed by #515; chat-app run 26194104270 confirms llm-proxy 403 authorization denials are gone.