Audit log

Tamper-evident audit feed. All admin actions (admin.user.disable, admin.user.assign_plan,admin.user.assign_role,admin.user.reset_sessions) are recorded here, plus observability events (obs.*) and quota events (usage.*).

Wire GET /v1/admin/audit?limit=200 to populate.