Summary: Remove the security risk by deleting the old hardcoded keys and decommissioning the Cirrus configuration. Description: Now that GitHub Actions OIDC is working, the old "AMI key" (IAM User Access Key) is dead weight and a security risk.

• Tasks:

1. 1. Monitor the AWS IAM Console for the old Access Key's "Last Used" timestamp to ensure it hasn't been used in 24+ hours.

1. 1. Deactivate the Access Key in AWS IAM (don't delete immediately; keep it inactive for 1 week as a backup).

1. 1. Remove the .cirrus.yml file from the repository (if fully migrating).

1. 1. Delete the old secrets from the CI settings.

Acceptance Criteria:

• [ ] Old IAM User Access Key is Deactivated.

• [ ] Legacy CI configuration files are removed from the repo.

• [ ] Build continues to pass in GitHub Actions.