fix: remove client-side encryption_enabled check that references nonexistent Supabase field

The encryption_enabled field lives in the Go API's PostgreSQL, not in Supabase.
The server-side admin rotate endpoint already rejects encrypted projects.

Author: GenerQAQ

dashboard/app/project/[id]/api-keys/actions.ts

@@ -85,15 +85,12 @@ export async function rotateSecretKey(projectId: string, apiKey?: string) {
   }
 
   try {
-    // Encrypted projects must use Bearer route to preserve master key
+    // When an API key is available, use the Bearer route (preserves master key
+    // for encrypted projects).  Otherwise fall back to the admin route, which
+    // will reject the request server-side if the project has encryption enabled.
     const client = new AcontextClient();
     let fullSecretKey: string;
-    if (project.encryption_enabled) {
-      if (!apiKey) {
-        return { error: "Encrypted projects require a saved API key to rotate. Please save your API key first." };
-      }
-      fullSecretKey = await client.rotateProjectSecretKey(apiKey);
-    } else if (apiKey) {
+    if (apiKey) {
       fullSecretKey = await client.rotateProjectSecretKey(apiKey);
     } else {
       fullSecretKey = await client.rotateProjectSecretKeyAdmin(projectId);