test(l1): RLS regression tests for internal_tickets + l1_walk_sessions

Adds 8 synchronous psycopg2-based tests that connect as resolutionflow_app
and verify the tenant_isolation RLS policies (USING + WITH CHECK) on the two
new L1 Phase 1 tables block cross-tenant reads and reject cross-tenant INSERTs.

Uses psycopg2 (not asyncpg) to avoid the conftest pytest_runtest_teardown hook
that closes the asyncio event loop after every test — incompatible with
module-scoped asyncpg fixtures in pytest-asyncio 0.24.

conftest.py: extends _RLS_TEST_FILES set to include test_l1_rls.py so it is
excluded from the default create_all test suite (requires RUN_RLS_TESTS=1).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

backend/tests/conftest.py

@@ -105,7 +105,7 @@ assert "test" in _test_db_name, (
 )
 
 _RUN_RLS_TESTS = os.environ.get("RUN_RLS_TESTS") == "1"
-_RLS_ISOLATION_FILE = "test_rls_isolation.py"
+_RLS_TEST_FILES = {"test_rls_isolation.py", "test_l1_rls.py"}
 
 
 def pytest_collection_modifyitems(config, items):
@@ -117,7 +117,9 @@ def pytest_collection_modifyitems(config, items):
     deselected = []
     for item in items:
         item_path = getattr(item, "path", None) or getattr(item, "fspath", None)
-        if item_path and str(item_path).endswith(_RLS_ISOLATION_FILE):
+        if item_path and any(
+            str(item_path).endswith(f) for f in _RLS_TEST_FILES
+        ):
             deselected.append(item)
         else:
             selected.append(item)