refactor: remove redundant GET /api/users/security (checkSessionRecord)

[gustavosbarreto]

Problem

GET /api/users/security (operationId checkSessionRecord, "Check session
record status") is redundant and unused by the active console.

• It returns a single boolean, the namespace's settings.session_record. That
  value is already available from GET /api/namespaces/{tenant}
  (settings.session_record).
• The active frontend (ui-react) does not call it. It only appears in the
  generated client. The only real reference is a wrapper in the dead Vue UI
  (shellhub/ui/src/store/api/users.ts, getSessionRecordStatus), which is
  served only under /v1/.
• The path is misleading: /users/security for a namespace-level setting. The
  GET has no tenant guard (it reads the tenant from context), unlike its sibling
  PUT /api/users/security/{tenant} which carries RequiresTenant and
  RequiresPermission.

Remove

• Route registration: api/routes/routes.go:192
  (publicAPI.GET(GetSessionRecordURL, gateway.Handler(handler.GetSessionRecord)))
• URL constant: api/routes/nsadm.go:21 (GetSessionRecordURL)
• Handler: api/routes/nsadm.go:253 (GetSessionRecord)
• Service: api/services/namespace.go:258 (GetSessionRecord)

The setter PUT /api/users/security/{tenant} (setSessionRecord /
EditSessionRecordStatus) stays.

OpenAPI

The OpenAPI entry (/api/users/security and paths/api@users@security.yaml) is
being removed as part of the customer-docs work, so no OpenAPI change is needed
in this cleanup.