feat(iam): add SetUserStatus and UpdateAccessKey actions (#7745)origin/feature/iam-user-status-management-7745

Add ability to enable/disable users and access keys without deleting them.

## Changes

### Protocol Buffer Updates
- Add `disabled` field (bool) to Identity message for user status
  - false (default) = enabled, true = disabled
  - No backward compatibility hack needed since zero value is correct
- Add `status` field (string: Active/Inactive) to Credential message

### New IAM Actions
- SetUserStatus: Enable or disable a user (requires admin)
- UpdateAccessKey: Change access key status (self-service or admin)

### Behavior
- Disabled users: All API requests return AccessDenied
- Inactive access keys: Signature validation fails
- Status check happens early in auth flow for performance
- Backward compatible: existing configs default to enabled (disabled=false)

### Use Cases
1. Temporary suspension: Disable user access during investigation
2. Key rotation: Deactivate old key before deletion
3. Offboarding: Disable rather than delete for audit purposes
4. Emergency response: Quickly disable compromised credentials

Fixes #7745

1 files changed, 2 insertions, 2 deletions

diff --git a/weed/pb/iam.proto b/weed/pb/iam.proto
index 99bb65ef2..342063f8d 100644
--- a/weed/pb/iam.proto
+++ b/weed/pb/iam.proto
@@ -24,13 +24,13 @@ message Identity {
     repeated Credential credentials = 2;
     repeated string actions = 3;
     Account account = 4;
+    bool disabled = 5;  // User status: false = enabled (default), true = disabled
 }
 
 message Credential {
     string access_key = 1;
     string secret_key = 2;
-    // uint64 expiration = 3;
-    // bool is_disabled = 4;
+    string status = 3;  // Access key status: "Active" or "Inactive"
 }
 
 message Account {