Top-level /system/** endpoints — master-only
system & maintenance operations. Authorize with a master
access-token (header store: *); any non-master
token is rejected with 403. The target store is the
store field in the request body.
⚠ These operations are destructive and irreversible (e.g.
store/delete recursively wipes store/{sid}).
Use the abc test store, never a real one.