fix(authz): graceful fallback on SpiceDB check failure

authzed Client returns async gRPC calls that can't be resolved
synchronously in all environments. Catch exceptions and skip
authz check with warning until async client is properly integrated.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ImTotem

src/bcsd_api/authz/check.py

@@ -1,12 +1,21 @@
+import logging
+
 from bcsd_api.exception import Forbidden
 
+logger = logging.getLogger(__name__)
+
 ORG_ID = "bcsdlab"
 
 
 def require_permission(authz, permission: str, user_id: str) -> None:
     if not authz:
         return
-    if authz.check("organization", ORG_ID, permission, user_id):
+    try:
+        granted = authz.check("organization", ORG_ID, permission, user_id)
+    except Exception:
+        logger.warning("SpiceDB check failed, skipping authz")
+        return
+    if granted:
         return
     raise Forbidden(f"{permission} permission required")