feat(m7.2-D): drop transitional agent.db, add admin helpers

Final slice of M7.2. Removes the transitional single-database handle
that M7.2-A introduced alongside the pool, so the compliance-agent
now has a single source of truth for storage: every code path obtains
a tenant-scoped Database from `agent.db_pool.for_tenant_id(...)` or
`for_tenant(&ctx)`. There is no shared "default" database anywhere.

Changes
- ComplianceAgent: `db: Database` field removed. ComplianceAgent::new
  now takes only `(config, db_pool)`. Verified by an earlier grep
  during M7.2-C that no remaining call site reads `agent.db`.
- main.rs: stops constructing the legacy Database. Only the pool is
  built at startup.
- TestServer: same — drops Database::connect/ensure_indexes, builds
  only the pool. cleanup() now drops every `<db_name>_*` per-tenant
  database (no longer touches a bare `<db_name>`).
- DatabasePool::list_tenant_db_names() — lists Mongo databases
  matching the pool's prefix. For admin endpoints + scheduler tenant
  enumeration in a future M7.3 (this PR keeps SCHEDULER_TENANT_IDS
  env config — registry integration is a separate concern).
- DatabasePool::drop_tenant(&str) — idempotent tenant offboarding.
  Drops the per-tenant database and evicts the in-memory `ensured`
  marker so a later re-provision re-runs ensure_indexes.

Test plan
- cargo fmt --all clean
- cargo clippy --workspace --exclude compliance-dashboard
  -- -D warnings clean
- cargo test -p compliance-core --lib — 7 pass
- cargo test -p compliance-agent --lib — 228 pass
- cargo test -p compliance-agent --test tenant_isolation — 6 pass
  including new `admin_helpers_list_and_drop_tenant_dbs`
- cargo test -p compliance-agent --test tenant_status_middleware
  — 6 pass

M7.2 closeout state after this lands
- M7.1 (auth + status) — done
- M7.2-A (pool) — done
- M7.2-B (handlers) — done
- M7.2-C (background paths) — done
- M7.2-D (legacy db removed, admin helpers) — done (this PR)
- Future M7.3: scheduler pulls tenants from tenant-registry instead
  of SCHEDULER_TENANT_IDS env; cross-tenant admin HTTP endpoints
  built on list_tenant_db_names / drop_tenant.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

compliance-agent/src/database.rs

@@ -140,6 +140,43 @@ impl DatabasePool {
     pub fn client(&self) -> &Client {
         &self.client
     }
+
+    /// List every Mongo database currently belonging to this pool,
+    /// identified by the `<db_prefix>_` prefix. The result is the raw
+    /// database names — opening one for offboarding/cleanup goes
+    /// through [`Self::client`].
+    ///
+    /// Note: hashed-fallback names (very long tenant_ids) lose the
+    /// original tenant_id at the cluster level — we know a database
+    /// exists for *some* tenant but not which one. In practice
+    /// tenant_ids are UUIDs (36 chars) and never hit the fallback,
+    /// so this is a theoretical concern, not an operational one.
+    pub async fn list_tenant_db_names(&self) -> Result<Vec<String>, AgentError> {
+        let prefix = format!("{}_", self.db_prefix);
+        let names = self.client.list_database_names().await?;
+        Ok(names
+            .into_iter()
+            .filter(|n| n.starts_with(&prefix))
+            .collect())
+    }
+
+    /// Drop the database for a specific tenant. Used by GDPR delete
+    /// and tenant offboarding. Idempotent — dropping a non-existent
+    /// database is a no-op at the driver level.
+    ///
+    /// Also evicts the tenant from the in-memory `ensured` set so a
+    /// later re-provision triggers fresh `ensure_indexes`.
+    pub async fn drop_tenant(&self, tenant_id: &str) -> Result<(), AgentError> {
+        let db_name = self.tenant_db_name(tenant_id);
+        self.client.database(&db_name).drop().await?;
+        self.ensured.remove(tenant_id);
+        tracing::info!(
+            tenant_id = %tenant_id,
+            db_name = %db_name,
+            "Dropped tenant database"
+        );
+        Ok(())
+    }
 }
 
 /// Mongo database names disallow `/`, `\`, `.`, `"`, `$`, ` `, and NUL.