Remove old map-based user identifier extraction for sync workers

The whoami-based approach is now the only implementation for sync worker routing.
It works with all token types (native Synapse, MAS, etc.) and is automatically
enabled when sync workers exist.

The old map-based approach only worked with native Synapse tokens (syt_<b64>_...)
and would give poor results with MAS or other auth systems.

roles/custom/matrix-synapse-reverse-proxy-companion/defaults/main.yml

@@ -323,10 +323,6 @@ matrix_synapse_reverse_proxy_companion_njs_enabled: "{{ matrix_synapse_reverse_p
 # This works with any authentication system (native Synapse auth, MAS, etc.) because Synapse
 # handles the token validation internally.
 #
-# Without this, sticky routing falls back to parsing the username from the access token (only works
-# with native Synapse tokens of the form syt_<base64 username>_...), which only provides
-# device-level stickiness (same token -> same worker) rather than user-level stickiness.
-#
 # Enabled by default when there are sync workers, because sync workers benefit from user-level
 # stickiness due to their per-user in-memory caches.
 matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_enabled: "{{ matrix_synapse_reverse_proxy_companion_synapse_workers_list | selectattr('type', 'equalto', 'sync_worker') | list | length > 0 }}"

roles/custom/matrix-synapse-reverse-proxy-companion/templates/nginx/conf.d/matrix-synapse-reverse-proxy-companion.conf.j2

@@ -64,25 +64,6 @@
 
 {% if matrix_synapse_reverse_proxy_companion_synapse_workers_enabled %}
 
-# Access token to user identifier mapping logic.
-# This is used for sticky routing to ensure requests from the same user are routed to the same worker.
-{% if not matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_enabled %}
-# Extracts the base64-encoded localpart from native Synapse access tokens.
-# Native Synapse tokens have the format: syt_<base64 localpart>_<random>_<crc>
-# See: https://github.com/element-hq/synapse/blob/1bddd25a85d82b2ef4a2a42f6ecd476108d7dd96/synapse/handlers/auth.py#L1448-L1459
-# Maps from https://tcpipuk.github.io/synapse/deployment/nginx.html#mapsconf
-# Note: This only works with native Synapse tokens, not with MAS or other auth systems.
-map $arg_access_token $accesstoken_from_urlparam {
-  default                          $arg_access_token;
-  "~syt_(?<b64localpart>.*?)_.*"  $b64localpart;
-}
-map $http_authorization $user_identifier {
-  default                                 $http_authorization;
-  "~Bearer syt_(?<b64localpart>.*?)_.*"   $b64localpart;
-  ""                                      $accesstoken_from_urlparam;
-}
-{% endif %}
-
 # Whether to upgrade HTTP connection
 map $http_upgrade $connection_upgrade {
   default upgrade;
@@ -246,11 +227,7 @@ server {
 			# sync workers
 			# https://tcpipuk.github.io/synapse/deployment/workers.html
 			# https://tcpipuk.github.io/synapse/deployment/nginx.html#locationsconf
-			{% if matrix_synapse_reverse_proxy_companion_whoami_sync_worker_router_enabled %}
 			{{ render_locations_to_upstream_with_whoami_sync_worker_router(matrix_synapse_reverse_proxy_companion_synapse_sync_worker_client_server_locations, 'sync_workers_upstream') }}
-			{% else %}
-			{{ render_locations_to_upstream(matrix_synapse_reverse_proxy_companion_synapse_sync_worker_client_server_locations, 'sync_workers_upstream') }}
-			{% endif %}
 		{% endif %}
 
 		{% if client_reader_workers | length > 0 %}