MTI and identity-hub FK coupling resolution

[snowfox1003]

Problem

The codebase has 14 Django apps (listed in config/settings.py) that share a database and a settings file but not an interface. Cross-app imports have been resolved (Week 22 import-linter contracts enforce boundaries), but foreign key relationships through cppa_user_tracker still create hard data-layer dependencies between apps that should otherwise be independent. This FK coupling directly blocks subset-schema testing: approximately half of the 14 Django apps have limited or no tests, and the tests that exist run on SQLite in-memory while production uses PostgreSQL, meaning PostgreSQL-specific behavior like JSONB operations and advisory locks is untested in CI. Decoupling the identity hub is a prerequisite for independent app boundaries; without it, each new app deepens the shared-schema entanglement.

Acceptance Criteria

• Identify all FK relationships through cppa_user_tracker
• Propose decoupling strategy (soft references, service-layer lookup, or explicit boundary)
• Implement decoupling for at least one app (lowest-risk first)
• Subset-schema tests can run without the full database
• Migration does not break existing data

Implementation Notes

• Week 22's import-linter contracts + scripts/check_service_layer_writes.py enforce code boundaries; this is the data-layer equivalent
• The identity hub is the core coupling point — may need an API boundary via cppa_user_tracker/services.py
• Daniel's architecture docs from Week 22 map the dependency graph
• The CHANGELOG notes resolved cross-app import edges including "CSV owner lookup via cppa_user_tracker.services" — the FK coupling is a deeper layer of the same problem

References

• Horizon item from Week 22 plan
• Related files: cppa_user_tracker/, config/settings.py