Fix race condition: purge anonymous ops AFTER queue is loaded

IdentityVerificationService.onModelReplaced (config HYDRATE) could
fire before OperationRepo.loadSavedOperations() finished, causing
removeOperationsWithoutExternalId() to run against an empty queue.

Wrap the HYDRATE handler in suspendifyOnIO + awaitInitialized() so
the purge waits for the queue to be fully populated, following the
same pattern as RecoverFromDroppedLoginBug.

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/config/impl/IdentityVerificationService.kt

@@ -3,6 +3,7 @@ package com.onesignal.core.internal.config.impl
 import com.onesignal.common.modeling.ISingletonModelStoreChangeHandler
 import com.onesignal.common.modeling.ModelChangeTags
 import com.onesignal.common.modeling.ModelChangedArgs
+import com.onesignal.common.threading.suspendifyOnIO
 import com.onesignal.core.internal.config.ConfigModel
 import com.onesignal.core.internal.config.ConfigModelStore
 import com.onesignal.core.internal.operations.IOperationRepo
@@ -42,21 +43,25 @@ internal class IdentityVerificationService(
 
         val useIV = model.useIdentityVerification
 
-        var jwtInvalidatedExternalId: String? = null
-        if (useIV == true) {
-            Logging.debug("IdentityVerificationService: IV enabled, purging anonymous operations")
-            _operationRepo.removeOperationsWithoutExternalId()
+        suspendifyOnIO {
+            _operationRepo.awaitInitialized()
 
-            val externalId = _identityModelStore.model.externalId
-            if (externalId != null && _jwtTokenStore.getJwt(externalId) == null) {
-                Logging.debug("IdentityVerificationService: IV enabled but no JWT for $externalId, will fire invalidated event after queue wake")
-                jwtInvalidatedExternalId = externalId
+            var jwtInvalidatedExternalId: String? = null
+            if (useIV == true) {
+                Logging.debug("IdentityVerificationService: IV enabled, purging anonymous operations")
+                _operationRepo.removeOperationsWithoutExternalId()
+
+                val externalId = _identityModelStore.model.externalId
+                if (externalId != null && _jwtTokenStore.getJwt(externalId) == null) {
+                    Logging.debug("IdentityVerificationService: IV enabled but no JWT for $externalId, will fire invalidated event after queue wake")
+                    jwtInvalidatedExternalId = externalId
+                }
             }
-        }
 
-        _operationRepo.forceExecuteOperations()
+            _operationRepo.forceExecuteOperations()
 
-        jwtInvalidatedExternalId?.let { _userManager.fireJwtInvalidated(it) }
+            jwtInvalidatedExternalId?.let { _userManager.fireJwtInvalidated(it) }
+        }
     }
 
     override fun onModelUpdated(

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/operations/impl/OperationRepo.kt

@@ -555,9 +555,7 @@ internal class OperationRepo(
                 _operationModelStore.remove(it.operation.id)
                 it.waiter?.wake(false)
             }
-            if (toRemove.isNotEmpty()) {
-                Logging.debug("OperationRepo: removed ${toRemove.size} anonymous operations (no externalId)")
-            }
+            Logging.debug("OperationRepo: removeOperationsWithoutExternalId removed ${toRemove.size} of ${toRemove.size + queue.size} operations")
 
             // IV=ON never transfers anonymous state; clear existingOnesignalId so
             // the executor takes the createUser (upsert) path.