fix(server): remove Kura global endpoints

What changed

• Removed Kura global endpoint scheduling, readiness checks, endpoint selection, dashboard display, environment flags, and the marketing changelog entry.
• Removed the Kura controller Cloudflare load-balancing path, CRD fields, Helm values, ExternalSecret template, and related tests.
• Normalized account handles before writing KuraInstance DNS-label fields, which fixes some accounts.
• Made the reconciler move an already-observed pending deployment through running before marking it succeeded.
• Added a migration that deletes stale account-level Kura endpoint rows shaped like https://<account>.kura.tuist.dev.

Why

Cloudflare-backed account-level Kura endpoints would make this rollout too expensive. The server and controller should converge only regional Kura endpoints, such as https://xxx-eu-central-1.kura.tuist.dev, and should not wait on or publish an account-level endpoint.

The production rollout also showed two adjacent bugs: uppercase account names were written into Kubernetes fields that need DNS-safe values, and a deployment could jump from pending to succeeded when the controller had already observed the desired image.

Impact

Kura accounts now receive regional endpoint URLs only. The controller no longer requires Cloudflare load-balancing credentials. Existing account-level Kura endpoint rows are removed by migration so clients do not keep discovering stale account-level endpoints.

Validation

• mise exec go -- go test ./... from infra/kura-controller
• helm template tuist infra/helm/tuist -f infra/helm/tuist/values-ci.yaml >/tmp/tuist-helm-render.yaml
• mix test test/tuist/kura/provisioner/kubernetes_controller_test.exs test/tuist/kura/reconciler_test.exs test/tuist/kura_test.exs test/tuist/accounts_test.exs test/tuist_web/live/account_settings_live_test.exs
• git diff --check