fix: pytest -m live works without extra flags

Root cause: test_schemathesis.py mutates decnet.web.auth.SECRET_KEY at
module-level import time, poisoning JWT verification for all other tests
in the same process — even when fuzz tests are deselected.

- Add pytest_ignore_collect hook in tests/api/conftest.py to skip
  collecting test_schemathesis.py unless -m fuzz is selected
- Add --dist loadscope to addopts so xdist groups by module (protects
  module-scoped fixtures in live tests)
- Remove now-unnecessary xdist_group markers from live test classes

tests/api/conftest.py

@@ -12,6 +12,18 @@ from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_asyn
 from sqlalchemy.pool import StaticPool
 import os as _os
 
+
+def pytest_ignore_collect(collection_path, config):
+    """Skip test_schemathesis.py unless fuzz marker is selected.
+
+    Its module-level code starts a subprocess server and mutates
+    decnet.web.auth.SECRET_KEY, which poisons other test suites.
+    """
+    if collection_path.name == "test_schemathesis.py":
+        markexpr = config.getoption("markexpr", default="")
+        if "fuzz" not in markexpr:
+            return True
+
 # Must be set before any decnet import touches decnet.env
 os.environ["DECNET_JWT_SECRET"] = "test-secret-key-at-least-32-chars-long!!"
 os.environ["DECNET_ADMIN_PASSWORD"] = "test-password-123"