refactor: retire interim magic-link/open-link in favor of password gate

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/portal_auth.py

@@ -40,15 +40,6 @@ if SECRET_KEY == "dev-insecure-change-me":
 COOKIE_NAME = "portal_session"
 COOKIE_MAX_AGE = 60 * 60 * 24 * 30  # 30 days
 
-# Plain, no-token portal links (/portal/open/{project_id}). These are an
-# UNAUTHENTICATED, proxy-reachable session-minting path (and a linked project's
-# open link grants the *whole* client's scope), so they default OFF and must be
-# explicitly enabled — set PORTAL_OPEN_LINKS=true only in a dev/prototype env.
-PORTAL_OPEN_LINKS = os.getenv("PORTAL_OPEN_LINKS", "false").lower() in ("1", "true", "yes")
-if PORTAL_OPEN_LINKS:
-    logger.warning("[PORTAL] open links ENABLED — no-token /portal/open/* shareable links. "
-                   "Keep this OFF in any internet-facing / production deployment.")
-
 
 class PortalAuthError(Exception):
     """Raised by get_current_client when there's no valid portal session.