fix: use correct auth scopes for DELETE and POST routes in incidents.py

[DragonBot00]

Summary

Fixes incorrect auth scopes in keep/api/routes/incidents.py.

Following the permissions convention (read, write, delete, update), DELETE endpoints should require delete:* scope, not write:*. Using write:incident on DELETE routes means a role that can create/update incidents can also delete them — making it impossible to grant modify-only access without also granting delete access.

Closes #5363

Changes

Fixed delete:incident scope on DELETE routes:

• DELETE /bulk — bulk delete incidents
• DELETE /{incident_id} — delete single incident
• DELETE /{incident_id}/alerts — remove alerts from incident

Fixed read:incidents scope on POST query route:

• POST /facets/options — this is a read query (POST with body for filtering), should use read:incidents not read:alert

Also unified scope naming:

• read:incidents (plural) was used alongside read:incident (singular) — the facets/options route already used read:alert which is semantically wrong for an incident query endpoint.

Before / After

Route	Before	After
DELETE /bulk	write:incident	delete:incident
DELETE /{incident_id}	write:incident	delete:incident
DELETE /{incident_id}/alerts	write:incident	delete:incident
POST /facets/options	read:alert	read:incidents

[vercel]

@DragonBot00 is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

[DragonBot00]

I have read the CLA Document and I hereby sign the CLA