fix(together): revert broken userCheck that caused 403 for all JWT users

userCheck required username to match users.user_id/name, but Together
usernames (mai, EIJI) never matched users table entries (maita, partner).
All JWT-bearing clients were getting 403. Reverts to member-row-only
check until user_id backfill is complete (Phase 1).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server.js

@@ -797,15 +797,7 @@ async function togetherEnsureMember(pool, res, groupId, username, jwtUserId) {
                 [gidNum, username]
             );
             if (legacy.rows.length > 0) {
-                // JWT ユーザーが送信した username の本人であることを確認（なりすまし防止）
+                // user_id 未紐付け期間の暫定: メンバー行があれば許可（紐付け完了後に削除予定）
-                const userCheck = await pool.query(
-                    'SELECT 1 FROM users WHERE user_id=$1 AND (user_id=$2 OR name=$2)',
-                    [jwtUserId, username]
-                );
-                if (userCheck.rows.length === 0) {
-                    res.status(403).json({ error: 'グループのメンバーではありません' });
-                    return false;
-                }
                 console.warn('[Together] legacy path used user=%s username=%s group=%s', jwtUserId, username, gidNum);
                 return true;
             }