chore(tests): replace source-grep tests with handler tests

tests/server/api/events/payment-deletion.test.js

@@ -1,31 +0,0 @@
-import { describe, it, expect } from 'vitest'
-import { existsSync } from 'node:fs'
-import { resolve } from 'node:path'
-
-/**
- * Regression: `events/[id]/payment.post.js` was deleted because its
- * unauthenticated POST allowed any caller to spam-register an existing
- * member to any paid event by supplying their email. See
- * docs/superpowers/specs/2026-04-25-fix-3.md.
- *
- * With the route file gone, Nitro's filesystem router will not register
- * a handler at `/api/events/{id}/payment`, so a POST returns 404 — the
- * spam-register attack surface no longer exists at the network layer.
- */
-describe('events/[id]/payment route deletion', () => {
-  it('the payment.post.js route file no longer exists', () => {
-    const routePath = resolve(
-      import.meta.dirname,
-      '../../../../server/api/events/[id]/payment.post.js'
-    )
-    expect(existsSync(routePath)).toBe(false)
-  })
-
-  it('the secure replacement at tickets/purchase.post.js still exists', () => {
-    const replacementPath = resolve(
-      import.meta.dirname,
-      '../../../../server/api/events/[id]/tickets/purchase.post.js'
-    )
-    expect(existsSync(replacementPath)).toBe(true)
-  })
-})