
feat(crm): Add MongoDB models and repository for keyset and registry#2116

Merged
Ygohr merged 4 commits into feature/crm-encrypt-enhance from feature/crypto-mongodb-repository on May 26, 2026

Conversation


@Ygohr Ygohr commented May 25, 2026

Summary

  • Add MongoDB repositories for organization keyset and registry metadata persistence
  • Create domain models for organization encryption state tracking in pkg/mmodel/
  • Implement multi-tenant and single-tenant database resolution for encryption repositories
  • Add ENC-XXXX error sentinels for encryption domain operations

Motivation

CRM requires organization-scoped encryption metadata persistence to support envelope encryption mode. This PR delivers the MongoDB repository layer and domain models that track:

  • Wrapped DEK and HMAC keysets per organization
  • Key history with primary key IDs
  • Protection model state (legacy vs envelope)
  • Migration status with state machine transitions
  • Optimistic concurrency via revision field

The implementation follows hexagonal architecture with domain models in pkg/mmodel/ and MongoDB adapters in components/crm/internal/adapters/mongodb/encryption/.

Semantic Decision

This PR implements Item 2 from the CRM encryption enhancement specification:

  • MongoDB repository handling for keyset metadata with single-tenant and multi-tenant support
  • Repository keys are organization-local within tenant-scoped database boundaries

Changes

New Files

| File | Purpose |
| --- | --- |
| pkg/mmodel/organization_keyset.go | Domain model for wrapped keyset metadata (DEK, HMAC, key history, KEK path) |
| pkg/mmodel/organization_keyset_test.go | Validation and SafeView tests for keyset model |
| pkg/mmodel/organization_registry.go | Domain model for encryption state machine (pending, active, legacy readable) |
| pkg/mmodel/organization_registry_test.go | State transition and validation tests for registry model |
| components/crm/internal/adapters/mongodb/encryption/keyset.go | MongoDB model with BSON tags and FromEntity/ToEntity converters |
| components/crm/internal/adapters/mongodb/encryption/keyset.mongodb.go | Keyset repository with tenant resolution, tracing, and index optimization |
| components/crm/internal/adapters/mongodb/encryption/keyset.mongodb_test.go | Repository tests including tenant isolation scenarios |
| components/crm/internal/adapters/mongodb/encryption/keyset_test.go | Model conversion round-trip tests |
| components/crm/internal/adapters/mongodb/encryption/registry.go | MongoDB model for registry with status and protection model |
| components/crm/internal/adapters/mongodb/encryption/registry.mongodb.go | Registry repository with tenant resolution and tracing |
| components/crm/internal/adapters/mongodb/encryption/registry.mongodb_test.go | Repository tests including tenant isolation scenarios |
| components/crm/internal/adapters/mongodb/encryption/registry_test.go | Model conversion round-trip tests |

Refactored Code

| Before | After |
| --- | --- |
| No encryption error sentinels | Added ENC-0001 through ENC-0007 in pkg/constant/errors.go |

OpenTelemetry Metrics

| Metric | Type | Description |
| --- | --- | --- |
| mongodb.keyset.save | Span | Keyset save operation with app.request.organization_id attribute |
| mongodb.keyset.get | Span | Keyset retrieval operation |
| mongodb.keyset.update | Span | Keyset update with app.request.expected_revision attribute |
| mongodb.registry.save | Span | Registry save operation |
| mongodb.registry.get | Span | Registry retrieval operation |
| mongodb.registry.update | Span | Registry update with db.rows_affected attribute |

Test Plan

  • Unit tests for domain model validation (OrganizationKeyset, OrganizationRegistryRecord)
  • Unit tests for SafeView redaction of wrapped keysets (returns [REDACTED])
  • Unit tests for registry state transitions (pending_migration → active)
  • Unit tests for MongoDB repository create/get/update operations
  • Unit tests for optimistic concurrency conflict detection (ErrKeysetRevisionConflict, ErrRegistryRevisionConflict)
  • Unit tests for single-tenant database resolution (static connection fallback)
  • Unit tests for multi-tenant database resolution (tmcore.GetMBContext precedence)
  • Unit tests for tenant context precedence over static connection
  • Unit tests for two-tenant isolation (different tenants resolve to different databases)
  • Unit tests for nil connection with tenant context (multi-tenant only mode)
  • Unit tests for model conversion round-trips (FromEntity/ToEntity)
  • Unit tests for HMAC keyset validation when provided
  • Lint check passes with 0 issues (golangci-lint v2)
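The description above covers three behaviours worth seeing side by side: optimistic concurrency on a revision field, the pending_migration → active state transition, and tenant-scoped database resolution with SafeView redaction. The following is an added example, not code from this PR or from the project; it uses an in-memory map in place of MongoDB, and every type, function and sentinel name in it (RegistryRecord, MemoryRegistryRepo, resolveDB, ErrRevisionConflict, and so on) is a constructed stand-in rather than the project's own API. The revision check mirrors the MongoDB pattern of filtering an update on `{organization_id, revision}` and treating zero matched documents as a conflict.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Constructed sentinels for this example; the PR's ENC-xxxx codes are not reproduced.
var (
	ErrAlreadyExists     = errors.New("registry record already exists")
	ErrNotFound          = errors.New("registry record not found")
	ErrRevisionConflict  = errors.New("registry revision conflict")
	ErrInvalidTransition = errors.New("invalid registry status transition")
)

// Status values for the two states the PR's test plan names.
const (
	StatusPendingMigration = "pending_migration"
	StatusActive           = "active"
)

// RegistryRecord is a hypothetical stand-in for the organization registry record.
type RegistryRecord struct {
	OrganizationID  string
	Status          string
	ProtectionModel string // "legacy" or "envelope"
	WrappedDEK      []byte // wrapped key material; never logged in the clear
	Revision        int64  // incremented on every successful update
}

// SafeView returns a copy with key material redacted so the record can be logged safely.
func (r RegistryRecord) SafeView() RegistryRecord {
	v := r
	if len(r.WrappedDEK) > 0 {
		v.WrappedDEK = []byte("[REDACTED]")
	}
	return v
}

// allowedTransitions is the state machine: only pending_migration -> active is legal.
var allowedTransitions = map[string]string{StatusPendingMigration: StatusActive}

// resolveDB models tenant resolution: a tenant database taken from request context
// takes precedence over the static single-tenant connection name.
func resolveDB(tenantDB, staticDB string) string {
	if tenantDB != "" {
		return tenantDB
	}
	return staticDB
}

// MemoryRegistryRepo stands in for the MongoDB repository. Records are keyed by
// resolved database name, then organization ID, so tenants never see each other's rows.
type MemoryRegistryRepo struct {
	mu   sync.Mutex
	data map[string]map[string]RegistryRecord
}

func NewMemoryRegistryRepo() *MemoryRegistryRepo {
	return &MemoryRegistryRepo{data: make(map[string]map[string]RegistryRecord)}
}

// Save inserts a new record at revision 1 and refuses to overwrite an existing one.
func (m *MemoryRegistryRepo) Save(db string, rec RegistryRecord) error {
	m.mu.Lock()
	defer m.mu.Unlock()
	if m.data[db] == nil {
		m.data[db] = make(map[string]RegistryRecord)
	}
	if _, exists := m.data[db][rec.OrganizationID]; exists {
		return ErrAlreadyExists
	}
	rec.Revision = 1
	m.data[db][rec.OrganizationID] = rec
	return nil
}

// Get returns the record for an organization within the resolved database.
func (m *MemoryRegistryRepo) Get(db, orgID string) (RegistryRecord, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	rec, ok := m.data[db][orgID]
	if !ok {
		return RegistryRecord{}, ErrNotFound
	}
	return rec, nil
}

// UpdateStatus applies a transition only if the stored revision still equals
// expectedRevision; a mismatch means another writer got there first.
func (m *MemoryRegistryRepo) UpdateStatus(db, orgID, newStatus string, expectedRevision int64) (RegistryRecord, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	rec, ok := m.data[db][orgID]
	if !ok {
		return RegistryRecord{}, ErrNotFound
	}
	if rec.Revision != expectedRevision {
		return RegistryRecord{}, fmt.Errorf("%w: have %d, expected %d", ErrRevisionConflict, rec.Revision, expectedRevision)
	}
	if allowedTransitions[rec.Status] != newStatus {
		return RegistryRecord{}, fmt.Errorf("%w: %s -> %s", ErrInvalidTransition, rec.Status, newStatus)
	}
	rec.Status = newStatus
	rec.Revision++
	m.data[db][orgID] = rec
	return rec, nil
}

func main() {
	repo := NewMemoryRegistryRepo()
	db := resolveDB("tenant_a", "crm") // tenant context wins over the static name
	_ = repo.Save(db, RegistryRecord{OrganizationID: "org-1", Status: StatusPendingMigration,
		ProtectionModel: "legacy", WrappedDEK: []byte("constructed-wrapped-dek")})
	_, err := repo.UpdateStatus(db, "org-1", StatusActive, 0) // stale revision
	fmt.Println("stale update:", err)
	rec, _ := repo.UpdateStatus(db, "org-1", StatusActive, 1)
	fmt.Printf("after update: %+v\n", rec.SafeView())
}
```

Wrapping the sentinels with `%w` keeps them matchable via `errors.Is` while the message carries the observed and expected revisions, which is what an operator needs when a conflict shows up under the `app.request.expected_revision` span attribute.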

@Ygohr Ygohr self-assigned this May 25, 2026
@Ygohr Ygohr requested a review from a team as a code owner May 25, 2026 19:42

coderabbitai Bot commented May 25, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (1)
  • develop

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 48a7df01-36f6-4c4b-bae3-7c20b0a8ce3e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.

Ygohr added 2 commits May 26, 2026 12:26
@Ygohr Ygohr merged commit 6f1a572 into feature/crm-encrypt-enhance May 26, 2026
2 checks passed
@Ygohr Ygohr deleted the feature/crypto-mongodb-repository branch May 26, 2026 18:47