Add GDPR right-to-erasure flow honoring legal-hold and crypto-shred fallback #453

Description

@thlpkee20-wq

Implement right-to-erasure that hard-deletes user data where lawful and crypto-shreds where retention is mandated by financial regulation. Must honor active legal holds.

Requirements and context

  • Must be secure, tested, and documented
  • Should be efficient and easy to review
  • Relevant code: src/db/repositories/userRepository.ts, src/security/audit.ts
  • Legal hold must block erasure with explicit reason

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b feat/gdpr-erasure
  • Implement changes
    • Add erasure_requests and legal_holds tables
    • Implement worker that deletes or crypto-shreds
    • Emit audit log with category and outcome
  • Validate security and correctness assumptions

Test and commit

  • Run tests
    • npm test
  • Cover edge cases
    • Hold added mid-flow, partial child-record retention, double request
  • Include test output and notes

Example commit message

feat: GDPR erasure with legal-hold and crypto-shred

Guidelines

  • Minimum 95 percent test coverage
  • Clear documentation
  • Timeframe: 96 hours
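
The worker flow requested above, sketched as an added example that is not code from this repository or from the issue author. Every type and function name is hypothetical, and the in-memory `Store` stands in for the `erasure_requests` and `legal_holds` tables. It assumes retention-mandated rows are stored encrypted under a per-user key, so destroying that key is what crypto-shreds them.

```typescript
// Added illustration: every name here is hypothetical, not the project's schema or API.
type Outcome = "deleted" | "crypto_shredded" | "blocked_legal_hold" | "already_processed";
interface DataRecord { id: string; userId: string; category: string; retentionMandated: boolean }
interface AuditEvent { userId: string; category: string; outcome: Outcome; reason?: string }
interface Store {
  records: DataRecord[];                 // retained rows are assumed to hold ciphertext only
  userKeys: Record<string, string>;      // per-user data keys, kept apart from the rows
  completed: Record<string, boolean>;    // users whose erasure already finished
  audit: AuditEvent[];
  holdReason: (userId: string) => string | undefined; // live legal_holds lookup
}

function processErasure(store: Store, userId: string): AuditEvent[] {
  const emitted: AuditEvent[] = [];
  const log = (category: string, outcome: Outcome, reason?: string): void => {
    const event: AuditEvent = { userId, category, outcome, reason };
    store.audit.push(event);
    emitted.push(event);
  };
  // Double request: a finished erasure is a no-op, but it is still audited.
  if (store.completed[userId]) { log("request", "already_processed"); return emitted; }

  let retained = 0;
  const mine = store.records.filter((r) => r.userId === userId);
  for (const rec of mine) {
    // Re-check before every destructive step so a hold added mid-flow stops the worker.
    const hold = store.holdReason(userId);
    if (hold !== undefined) { log(rec.category, "blocked_legal_hold", hold); return emitted; }
    if (rec.retentionMandated) { retained++; continue; } // the row stays, handled below
    store.records = store.records.filter((r) => r.id !== rec.id);
    log(rec.category, "deleted");
  }
  // Destroying the key is irreversible, so it is the last step and is gated again.
  const finalHold = store.holdReason(userId);
  if (finalHold !== undefined) { log("encryption_key", "blocked_legal_hold", finalHold); return emitted; }
  delete store.userKeys[userId];
  if (retained > 0) log("retained_records", "crypto_shredded");
  store.completed[userId] = true;
  return emitted;
}
```

A run blocked by a hold leaves the request unfinished, so it can be retried once the hold is lifted.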
