Caller authenticated identity snapshot returned by MCP auth guards.
Captured once at auth time; subsequent response filtering / push subscriber
registration / visibility uses this snapshot rather than re-resolving from
Bearer/startup (้ฒ SIGHUP reload race / drift between auth decision and side
effect).
Compute the audit key id from the same snapshot used by the write precheck.
This prevents SIGHUP reload between daemon dispatch and audit emission from
re-attributing an outcome to the startup key or <none>.