fix: enqueue KetoOutboxActionDelete for isRemoveTenant

- Ensure Keto permissions are correctly revoked when a user is removed from a tenant.

backend/internal/handler/user_handler.go

@@ -1556,6 +1556,22 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
 			}
 			existingCodes = newCodes
 
+			// [Keto Sync] Remove membership for the target tenant
+			if h.TenantService != nil && h.KetoOutboxRepo != nil && code != "" {
+				go func(removedSlug string) {
+					bgCtx := context.Background()
+					if t, err := h.TenantService.GetTenantBySlug(bgCtx, removedSlug); err == nil && t != nil {
+						_ = h.KetoOutboxRepo.Create(bgCtx, &domain.KetoOutbox{
+							Namespace: "Tenant",
+							Object:    t.ID,
+							Relation:  "members",
+							Subject:   "User:" + userID,
+							Action:    domain.KetoOutboxActionDelete,
+						})
+					}
+				}(code)
+			}
+
 			// If removing the primary company code, pick another one as primary if available
 			currentPrimary := extractTraitString(traits, "companyCode")
 			if currentPrimary == code {