revert: remove dual-key license verification

Restored original license signing key from backup - key was never
compromised (private repo). Removes unnecessary dual-key complexity:

- Remove legacyPublicKey and SetLegacyPublicKey from license.go
- Simplify signature verification to single key
- Remove EmbeddedLegacyPublicKey from pubkey.go
- Remove PULSE_LICENSE_LEGACY_PUBLIC_KEY from Dockerfile and workflows
- Remove dual-key test
- Simplify mock.env

.github/workflows/create-release.yml

@@ -184,7 +184,6 @@ jobs:
           cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse:buildcache,mode=max
           build-args: |
             PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-            PULSE_LICENSE_LEGACY_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
             VERSION=${{ needs.extract_version.outputs.tag }}
           tags: |
             ghcr.io/${{ github.repository_owner }}/pulse:staging-${{ needs.extract_version.outputs.tag }}
@@ -202,7 +201,6 @@ jobs:
           cache-to: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:buildcache,mode=max
           build-args: |
             PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-            PULSE_LICENSE_LEGACY_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
             VERSION=${{ needs.extract_version.outputs.tag }}
           tags: |
             ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:staging-${{ needs.extract_version.outputs.tag }}
@@ -210,10 +208,8 @@ jobs:
       - name: Build Docker images for integration tests
         run: |
           docker build -t pulse-mock-github:test tests/integration/mock-github-server
-          docker build -t pulse:test -f Dockerfile --target runtime --cache-from ghcr.io/${{ github.repository_owner }}/pulse:buildcache --build-arg BUILDKIT_INLINE_CACHE=1 --build-arg PULSE_LICENSE_PUBLIC_KEY="$PULSE_LICENSE_PUBLIC_KEY" --build-arg PULSE_LICENSE_LEGACY_PUBLIC_KEY="$PULSE_LICENSE_LEGACY_PUBLIC_KEY" --build-arg VERSION="${{ needs.extract_version.outputs.tag }}" .
         env:
           PULSE_LICENSE_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-          PULSE_LICENSE_LEGACY_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
 
       - name: Run update integration smoke tests
         working-directory: tests/integration
@@ -320,7 +316,6 @@ jobs:
           ./scripts/build-release.sh ${{ needs.extract_version.outputs.version }}
         env:
           PULSE_LICENSE_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-          PULSE_LICENSE_LEGACY_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
 
       - name: Post-build health check
         run: |

.github/workflows/publish-docker.yml

@@ -77,7 +77,6 @@ jobs:
           cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse:buildcache
           build-args: |
             PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-            PULSE_LICENSE_LEGACY_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
             VERSION=${{ steps.version.outputs.tag }}
           tags: |
             rcourtman/pulse:${{ steps.version.outputs.tag }}
@@ -99,7 +98,6 @@ jobs:
           cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:buildcache
           build-args: |
             PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-            PULSE_LICENSE_LEGACY_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
             VERSION=${{ steps.version.outputs.tag }}
           tags: |
             rcourtman/pulse-docker-agent:${{ steps.version.outputs.tag }}

.github/workflows/release-dry-run.yml

@@ -78,10 +78,8 @@ jobs:
         run: |
           VERSION="v$(cat VERSION | tr -d '\n')"
           docker build -t pulse-mock-github:test tests/integration/mock-github-server
-          docker build -t pulse:test -f Dockerfile --target runtime --cache-from ghcr.io/${{ github.repository_owner }}/pulse:buildcache --build-arg BUILDKIT_INLINE_CACHE=1 --build-arg PULSE_LICENSE_PUBLIC_KEY="$PULSE_LICENSE_PUBLIC_KEY" --build-arg PULSE_LICENSE_LEGACY_PUBLIC_KEY="$PULSE_LICENSE_LEGACY_PUBLIC_KEY" --build-arg VERSION="$VERSION" .
         env:
           PULSE_LICENSE_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-          PULSE_LICENSE_LEGACY_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
 
       - name: Run integration diagnostics
         working-directory: tests/integration

.github/workflows/test-e2e.yml

@@ -53,10 +53,8 @@ jobs:
       - name: Build Docker images for test environment
         run: |
           docker build -t pulse-mock-github:test ./tests/integration/mock-github-server
-          docker build -t pulse:test -f Dockerfile --build-arg PULSE_LICENSE_PUBLIC_KEY="$PULSE_LICENSE_PUBLIC_KEY" --build-arg PULSE_LICENSE_LEGACY_PUBLIC_KEY="$PULSE_LICENSE_LEGACY_PUBLIC_KEY" .
         env:
           PULSE_LICENSE_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-          PULSE_LICENSE_LEGACY_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
 
       - name: Start test containers
         working-directory: tests/integration

.github/workflows/test-updates.yml

@@ -70,10 +70,8 @@ jobs:
 
           # Build Pulse test image
           cd ../../
-          docker build -t pulse:test -f Dockerfile --build-arg PULSE_LICENSE_PUBLIC_KEY="$PULSE_LICENSE_PUBLIC_KEY" --build-arg PULSE_LICENSE_LEGACY_PUBLIC_KEY="$PULSE_LICENSE_LEGACY_PUBLIC_KEY" .
         env:
           PULSE_LICENSE_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
-          PULSE_LICENSE_LEGACY_PUBLIC_KEY: ${{ secrets.PULSE_LICENSE_LEGACY_PUBLIC_KEY }}
 
       - name: Run diagnostic smoke test
         working-directory: tests/integration