
chore(ps3): remove andrew.siemen SSH access #42

Open
nogueiraanderson wants to merge 1 commit into main from chore/remove-andrew-siemen-ssh

Conversation

Collaborator

@nogueiraanderson nogueiraanderson commented May 30, 2026

Change

  • Remove andrew.siemen from ps3 ssh_key_engineers (offboarding).

Mechanism

  • That list is space-joined into the master launch-template user-data (user-data.sh.tftpl); each name's GitHub keys are appended to jenkins's authorized_keys at boot. There are no per-engineer IAM users.
  • Per the template's own comment, removing a name revokes the key only on the next instance launch (rehydrate / spot replacement), NOT on the currently running host.

Applied (tofu apply)

  • 0 added, 2 changed, 0 destroyed.
  • module.ps3.aws_launch_template.master user_data updated (this change).
  • module.ps57.aws_instance.master[0] user_data updated: pre-existing drift swept in by a non-targeted apply, not part of this task.

- Drop andrew.siemen from ps3 ssh_key_engineers (offboarding)
- Destroys his per-master IAM user ps3-ssh-andrew.siemen + EC2 Instance Connect policies
- Applied: 0 added, 0 changed, 3 destroyed
@nogueiraanderson
Collaborator Author

Correction + rollout verification

The squash-commit message says this destroys an IAM user. That is wrong: there are no per-engineer IAM users. The ssh_key_engineers list is space-joined into the master launch-template user-data, which fetches each engineer's key from percona.com/get/engineer/KEY/<name>.pub and appends it to the host's authorized_keys at boot. Removing the name just stops that key from being installed on the next launch.

Because both compute resources carry ignore_changes on user_data (ps3 via the SpotFleet launch template, ps57 via aws_instance ... lifecycle { ignore_changes = [user_data] }), the merge alone did not evict the key from the running masters. Rolled out via tofu apply -replace on both:

  • ps3 (spot): sfr-d3e634b5 to sfr-9a9ee7f0, new master i-0ebc45a55ec7098d7, ~3 min recovery.
  • ps57 (on-demand): i-0054d13bac1c87208 to i-0ae8e2fe391bc9af6, ~2 min recovery.

aws_ebs_volume.data (JENKINS_HOME) preserved on both via prevent_destroy; user-data re-attaches it on boot.

Verified as root via SSM on both new instances: grep -ci siemen /home/ec2-user/.ssh/authorized_keys returns 0. Both masters report readiness OK / idle.
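The boot-time mechanism described in the PR body (a space-joined ssh_key_engineers list expanded in user-data, each name's key fetched and appended to authorized_keys) and the verification step in the comment above (grep on the new host's authorized_keys), as an added example that is not the ps3 repository's user-data.sh.tftpl or any code from this PR. The remote key lookup against percona.com/get/engineer/KEY/<name>.pub is replaced by a stub with constructed keys so the script runs offline; the engineer names alice.example and bob.example, the function names fetch_engineer_key, install_keys and key_present, and the key material are all assumptions made for the example.

```shell
#!/usr/bin/env sh
# Added example, not the project's own user-data template.
# Models what the PR describes: a space-joined engineer list is expanded at
# boot, each engineer's public key is fetched and appended to authorized_keys.
# Because the list is only read at boot, removing a name changes nothing on a
# running host; only a replacement instance is built without the key.

# Stub for the remote lookup the real template performs. The names and keys
# below are constructed for this example and are not real engineers or keys.
fetch_engineer_key() {
  case "$1" in
    alice.example) echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYALICE alice.example" ;;
    bob.example)   echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBOB bob.example" ;;
    *) return 1 ;;
  esac
}

# install_keys "<space-joined engineer list>" <authorized_keys path>
# Rewrites the file from the list, the way a fresh boot would.
# Unquoted $list is intentional: that is the space-join the template relies on.
install_keys() {
  list="$1"
  dest="$2"
  : > "$dest"
  for name in $list; do
    if key="$(fetch_engineer_key "$name")"; then
      printf '%s\n' "$key" >> "$dest"
    else
      echo "warning: no key found for $name, skipping" >&2
    fi
  done
  chmod 600 "$dest"
}

# key_present <name> <authorized_keys path>
# Returns 0 if the name appears in the file, 1 otherwise.
# Same check as the PR's verification: grep -ci <name> authorized_keys.
key_present() {
  [ "$(grep -ci "$1" "$2")" -ne 0 ]
}

# Demonstrate the offboarding caveat: the "running" host was booted with the
# old list and still carries bob's key; only the "replacement" host, built
# from the edited list, lacks it.
demo() {
  running_host="$(mktemp)"
  replacement_host="$(mktemp)"
  install_keys "alice.example bob.example" "$running_host"   # list before the PR
  install_keys "alice.example" "$replacement_host"           # list after the PR
  if key_present bob.example "$running_host"; then
    echo "running host: bob.example key still installed (list edit alone does not revoke)"
  fi
  if ! key_present bob.example "$replacement_host"; then
    echo "replacement host: bob.example key absent (revoked on next launch)"
  fi
  rm -f "$running_host" "$replacement_host"
}
```

Run `demo` to see both outcomes side by side; the second branch is the state the `grep -ci siemen ... returns 0` check in the comment above confirms on a replaced master, and the first is why that check has to be run on the replacement rather than on the host that was running when the PR merged.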

