revert: restore GatewayRead.token field to avoid frontend breaking change

The has_token boolean redaction requires coordinated frontend changes
(detail page, edit page, orval types). Revert to returning the raw
token for now; token redaction will be handled in a dedicated PR.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/tests/test_security_fixes.py

@@ -24,7 +24,6 @@ from app.models.board_webhooks import BoardWebhook
 from app.models.boards import Board
 from app.models.gateways import Gateway
 from app.models.organizations import Organization
-from app.schemas.gateways import GatewayRead
 from app.services.admin_access import require_user_actor
 
 # ---------------------------------------------------------------------------
@@ -497,36 +496,3 @@ class TestWebhookPayloadSizeLimit:
 # ---------------------------------------------------------------------------
 
 
-class TestGatewayTokenRedaction:
-    """Tests for gateway token redaction from API responses."""
-
-    def test_gateway_read_has_has_token_field(self) -> None:
-        read = GatewayRead(
-            id=uuid4(),
-            organization_id=uuid4(),
-            name="gw",
-            url="https://gw.example.com",
-            workspace_root="/ws",
-            has_token=True,
-            created_at="2025-01-01T00:00:00",
-            updated_at="2025-01-01T00:00:00",
-        )
-        data = read.model_dump()
-        assert "has_token" in data
-        assert data["has_token"] is True
-        # Ensure 'token' field is NOT present
-        assert "token" not in data
-
-    def test_gateway_read_without_token(self) -> None:
-        read = GatewayRead(
-            id=uuid4(),
-            organization_id=uuid4(),
-            name="gw",
-            url="https://gw.example.com",
-            workspace_root="/ws",
-            has_token=False,
-            created_at="2025-01-01T00:00:00",
-            updated_at="2025-01-01T00:00:00",
-        )
-        assert read.has_token is False
-