
feature/1027: Implement GDPR-Compliant User Anonymization (Soft Delete) #33

@babakjahan

Description

User Story: Implement GDPR-Compliant User Anonymization

As an admin user
I want to anonymize a user and all personally identifiable data (e.g. name, email, address, etc.) while preserving related records (orders, carts, payments, etc.)
So that I can comply with GDPR “Right to be Forgotten” requirements and maintain database integrity without losing business-critical history.

Acceptance Criteria

  • Admin can anonymize a user by ID
  • System replaces all PII fields (email, name, phone, address, etc.) with dummy values (e.g. deleted_user_{id}@example.com, Anonymous)
  • User becomes inactive and cannot log in after anonymization
  • Related records (orders, carts, payments, etc.) remain intact and reference the anonymized user
  • Operation runs atomically (within a single transaction)
  • Error is returned if user does not exist
  • System confirms successful anonymization with a clear response message
  • Process is irreversible and GDPR-compliant

Notes

  • Anonymization uses a dedicated endpoint and use case (e.g. DELETE /admin/users/{id}/anonymize)
  • Audit log entry records who performed the anonymization and when
  • PII fields are replaced as follows:

    Field        Replacement
    email        deleted_user_{id}@example.com
    username     deleted_{id}
    first_name   Anonymous
    last_name    None
    phone        None
    address      None
  • Related data (orders, carts, payments, reviews, etc.) must not be deleted
  • Works across both PostgreSQL and SQLite backends
  • Fully compliant with GDPR Article 17 – Right to Erasure
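The use case described by the acceptance criteria and notes above, written out as an added example (not code from this project): a single-transaction soft delete against an in-memory SQLite database. The schema, the sample users and orders, the `audit_log` table layout and the `user.anonymize` action name are all constructed assumptions; the replacement values are the ones from the table above.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed stand-in schema (not the project's real tables): users, one
# related table (orders) and an audit log.
SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    email         TEXT NOT NULL UNIQUE,
    username      TEXT NOT NULL UNIQUE,
    first_name    TEXT,
    last_name     TEXT,
    phone         TEXT,
    address       TEXT,
    is_active     INTEGER NOT NULL DEFAULT 1,
    anonymized_at TEXT
);
CREATE TABLE orders (
    id          INTEGER PRIMARY KEY,
    user_id     INTEGER NOT NULL REFERENCES users(id),
    total_cents INTEGER NOT NULL
);
CREATE TABLE audit_log (
    id             INTEGER PRIMARY KEY,
    actor_id       INTEGER NOT NULL,
    action         TEXT NOT NULL,
    target_user_id INTEGER NOT NULL,
    occurred_at    TEXT NOT NULL
);
"""


class UserNotFound(Exception):
    """Raised when the target user id does not exist (the endpoint would map this to an error response)."""


def make_db():
    """In-memory SQLite database populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # orders must keep pointing at a valid users.id
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO users (id, email, username, first_name, last_name, phone, address) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            (1, "alice@example.com", "alice", "Alice", "Andersson", "+4670000000", "1 Main St"),
            (2, "bob@example.com", "bob", "Bob", "Berg", "+4670000001", "2 High St"),
        ],
    )
    conn.executemany(
        "INSERT INTO orders (user_id, total_cents) VALUES (?, ?)",
        [(1, 1999), (1, 4500), (2, 800)],
    )
    conn.commit()
    return conn


def anonymize_user(conn, user_id, actor_id):
    """Soft delete: overwrite PII with the fixed dummy values, deactivate the
    account and record who did it. Everything runs in one transaction, so a
    failure in the audit insert rolls the PII update back as well."""
    now = datetime.now(timezone.utc).isoformat()
    with conn:  # sqlite3 connection as context manager: commit on success, rollback on exception
        cur = conn.execute(
            """
            UPDATE users
               SET email = ?, username = ?, first_name = 'Anonymous',
                   last_name = NULL, phone = NULL, address = NULL,
                   is_active = 0, anonymized_at = ?
             WHERE id = ?
            """,
            (f"deleted_user_{user_id}@example.com", f"deleted_{user_id}", now, user_id),
        )
        if cur.rowcount == 0:
            # No row matched: raising inside the context manager rolls back.
            raise UserNotFound(f"user {user_id} does not exist")
        # The audit entry records actor, target and time only, never the old PII,
        # so the log itself cannot be used to reverse the anonymization.
        conn.execute(
            "INSERT INTO audit_log (actor_id, action, target_user_id, occurred_at) "
            "VALUES (?, 'user.anonymize', ?, ?)",
            (actor_id, user_id, now),
        )
    return {"user_id": user_id, "message": f"User {user_id} has been anonymized"}


def can_login(conn, email):
    """Login gate: only active accounts may authenticate. After anonymization the
    original email no longer exists and the replacement row is inactive."""
    row = conn.execute("SELECT is_active FROM users WHERE email = ?", (email,)).fetchone()
    return row is not None and row[0] == 1


def orders_for_user(conn, user_id):
    """Related records must survive: count the orders still referencing the user."""
    return conn.execute("SELECT COUNT(*) FROM orders WHERE user_id = ?", (user_id,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(anonymize_user(db, 1, actor_id=99))
    print(db.execute("SELECT * FROM users WHERE id = 1").fetchone())
```

Two details worth keeping when porting this to the real code base: the placeholder email and username embed the user id, so the UNIQUE constraints stay satisfied when many users are anonymized, and the "user exists" check is taken from the UPDATE's row count inside the transaction rather than from a separate SELECT, which avoids a race with a concurrent delete. The same statements work on PostgreSQL with the driver's placeholder syntax and its connection-level transaction.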

Labels: first priority, feature