feat(web): drop SessionProfile, wire observations into AttackerDetail (DEBT-050 / DEBT-036 closure)

Destructive half of BEHAVE-INTEGRATION.md Phase 1. SessionProfile +
its kd_* columns + the dialect ALTER TABLE migration helpers are
deleted outright; pre-v1, the table shipped empty, no migration
ceremony required (per the no-new-_migrate_-pre-v1 memory rule).
DEBT-036 closes via DEBT-050 supersedure. AttackerDetail's
``observations`` field is wired to the new ``observations`` table
and returns an empty list until the BEHAVE-SHELL extractor (DEBT-050
Phase 2) starts emitting.

decnet/web/db/models/attackers.py — SessionProfile class deleted
(~135 lines), KD_PAUSE_*/KD_START_OF_ACTION_IDLE_S module constants
deleted, module docstring updated to point at the observations
table. AttackerIdentity.kd_digraph_simhash is KEPT — it's the v2
federation centroid hook, not a SessionProfile field; docstring
repointed to the BEHAVE primitive that will populate it.

decnet/web/db/sqlmodel_repo/attackers/sessions.py — DELETED.
SessionProfilesMixin dropped from the AttackersMixin MRO.

decnet/web/db/repository.py — abstract upsert_session_profile +
get_session_profile removed.

decnet/web/db/sqlite/repository.py + mysql/repository.py —
_migrate_session_profile_table helpers and their initialize() calls
removed. mysql initialize() now goes attackers → column_types →
admin (no session_profile step).

decnet/web/db/models/__init__.py — SessionProfile re-export gone.

decnet/web/db/models/attacker_intel.py — docstring cross-reference
to SessionProfile.schema_version retargeted to AttackerIdentity.

decnet/web/router/attackers/api_get_attacker_detail.py — adds
``observations: []`` to the response by calling
``repo.latest_observation_per_primitive(uuid)`` and projecting to a
list sorted by primitive path. Empty until the extractor lands;
shape matches BEHAVE-INTEGRATION.md §"AttackerDetail consumer".

tests/profiler/test_session_profile.py — DELETED (56 lines).
tests/db/test_base_repo.py — DummyRepo loses upsert_session_profile
and get_session_profile overrides.
tests/db/mysql/test_mysql_migration.py — initialize-call-order
assertion updated; session_profile step removed from the expected
sequence; docstring records why.
tests/ttp/test_lifter_absence.py — docstring "no SessionProfile" →
"no ObservationRow".

tests/db/mysql/test_mysql_migration.py

@@ -191,9 +191,13 @@ async def test_migrate_column_types_default_clause_per_column():
 
 @pytest.mark.asyncio
 async def test_mysql_initialize_calls_migrate_column_types():
-    """MySQLRepository.initialize() must invoke every migration helper in
-    the right order: attackers first, then session_profile (DEBT-036),
-    then column types, then seed the admin user."""
+    """MySQLRepository.initialize() must invoke every migration helper
+    in the right order: attackers first, then column types, then seed
+    the admin user.
+
+    The legacy ``_migrate_session_profile_table`` step (DEBT-036) was
+    dropped when SessionProfile was deleted in favour of the
+    ``observations`` table — see DEBT-050 / BEHAVE-INTEGRATION.md."""
     repo = _make_repo()
 
     call_order: list[str] = []
@@ -201,9 +205,6 @@ async def test_mysql_initialize_calls_migrate_column_types():
     async def fake_migrate_attackers():
         call_order.append("migrate_attackers")
 
-    async def fake_migrate_session_profile():
-        call_order.append("migrate_session_profile")
-
     async def fake_migrate_column_types():
         call_order.append("migrate_column_types")
 
@@ -211,7 +212,6 @@ async def test_mysql_initialize_calls_migrate_column_types():
         call_order.append("ensure_admin")
 
     repo._migrate_attackers_table       = fake_migrate_attackers
-    repo._migrate_session_profile_table = fake_migrate_session_profile
     repo._migrate_column_types          = fake_migrate_column_types
     repo._ensure_admin_user             = fake_ensure_admin
 
@@ -228,7 +228,6 @@ async def test_mysql_initialize_calls_migrate_column_types():
 
     assert call_order == [
         "migrate_attackers",
-        "migrate_session_profile",
         "migrate_column_types",
         "ensure_admin",
     ], f"Unexpected call order: {call_order}"

tests/db/test_base_repo.py

@@ -38,8 +38,6 @@ class DummyRepo(BaseRepository):
     async def upsert_attacker_behavior(self, u, d): await super().upsert_attacker_behavior(u, d)
     async def get_attacker_behavior(self, u): await super().get_attacker_behavior(u)
     async def get_behaviors_for_ips(self, ips): await super().get_behaviors_for_ips(ips)
-    async def upsert_session_profile(self, sid, data): await super().upsert_session_profile(sid, data)
-    async def get_session_profile(self, sid): await super().get_session_profile(sid)
     # BEHAVE-SHELL observations (DEBT-050 / BEHAVE-INTEGRATION.md Phase 1)
     async def upsert_observation(self, data): await super().upsert_observation(data); return ""
     async def latest_observation_per_primitive(self, attacker_uuid): await super().latest_observation_per_primitive(attacker_uuid); return {}
@@ -129,8 +127,6 @@ async def test_base_repo_coverage():
     await dr.upsert_attacker_behavior("a", {})
     await dr.get_attacker_behavior("a")
     await dr.get_behaviors_for_ips({"1.1.1.1"})
-    await dr.upsert_session_profile("sid", {})
-    await dr.get_session_profile("sid")
     await dr.upsert_observation({})
     await dr.latest_observation_per_primitive("a")
     await dr.observations_time_series("a", "motor.input_modality")