state: replace zcache with bounded LRU for auth cache

Replace zcache with golang-lru/v2/expirable for both the state auth
cache and the OIDC state cache. Add tuning.register_cache_max_entries
(default 1024) to cap the number of pending registration entries.

Introduce types.RegistrationData to replace caching a full *Node;
only the fields the registration callback path reads are retained.
Remove the dead HSDatabase.regCache field. Drop zgo.at/zcache/v2
from go.mod.

hscontrol/state/debug.go

@@ -211,15 +211,13 @@ func (s *State) DebugSSHPolicies() map[string]*tailcfg.SSHPolicy {
 
 // DebugRegistrationCache returns debug information about the registration cache.
 func (s *State) DebugRegistrationCache() map[string]any {
-	// The cache doesn't expose internal statistics, so we provide basic info
-	result := map[string]any{
-		"type":       "zcache",
-		"expiration": registerCacheExpiration.String(),
-		"cleanup":    registerCacheCleanup.String(),
-		"status":     "active",
+	return map[string]any{
+		"type":        "expirable-lru",
+		"expiration":  registerCacheExpiration.String(),
+		"max_entries": defaultRegisterCacheMaxEntries,
+		"current_len": s.authCache.Len(),
+		"status":      "active",
 	}
-
-	return result
 }
 
 // DebugConfig returns debug information about the current configuration.