feat(node-type-registry): strip membership_type from AuthzAppMembership

[pyramation]

Summary

AuthzAppMembership is hardcoded to membership_type=1 — it's an app-level-only check. Remove membership_type and entity_type from its parameter_schema since they don't belong on this type.

• For entity-scoped membership checks (org, channel, etc.), use AuthzEntityMembership instead
• Remaining params: permission, permissions, is_admin, is_owner
• Blueprint types regenerated

This makes the distinction between AuthzAppMembership (app-level, no scope config) and AuthzEntityMembership (entity-scoped, takes entity_field + membership_type) unambiguous.

Review & Testing Checklist for Human

• Verify no downstream code passes membership_type to AuthzAppMembership policies (constructive-db generators already hardcode type=1)

Notes

Companion change needed in constructive-db: hardcode membership_type=1 in the RLS parser/AST builder for AuthzAppMembership so it ignores any membership_type param even if passed.

Link to Devin session: https://app.devin.ai/sessions/b4ff120294f446d8a0407ac21e05f7bb
Requested by: @pyramation

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring