refactor: simplify agent identity auth

[efrazer-oai]

Stack context

This PR is part of the cleanup for the merged agent identity stack.

Reference stack: https://github.com/openai/codex/pull/17387/changes

The old stack mixed three concerns:

1. the agent identity signing/encryption primitives
2. Codex task lifecycle and rollout/session task persistence
3. request authentication for programmatic Codex

The desired final state is smaller:

• shared agent identity mechanics live in codex-agent-identity
• Codex does not persist task ids in rollouts or session state
• programmatic Codex uses an explicit AgentIdentity auth mode
• each process allocates one runtime task id
• backend request callsites ask auth for a full Authorization header value

Why

The task lifecycle design is the part of the old stack with the most uncertainty.

The old code created task ids around Codex threads, persisted them in rollout/session state, and threaded them through replay and resume paths. That made a temporary auth requirement part of core Codex history handling.

This PR removes that lifecycle layer.

What changed

• Removed task id persistence from rollout and session state.
• Removed the core task lifecycle manager.
• Removed task id replay/reconstruction logic.
• Removed task id plumbing from thread/session state.
• Removed core-side agent task registration code.
• Kept normal ChatGPT/API-key auth working through the existing bearer path.

Boundary

This PR does not add the new programmatic auth model.

After this PR, Codex no longer owns a per-thread task lifecycle. The next PR adds the replacement model: explicit AgentIdentity auth with one process task held in runtime memory.

Tests

Tests: targeted Rust checks for core/session/auth rollback paths and CI.

[efrazer-oai]

Superseded by #18757 after folding the minimal-auth cleanup into the crate-extraction PR. The remaining stack is now #18757 -> #18785.