feat: add audit log table and integration with admin/tree endpoints

Creates AuditLog model with JSONB details column for tracking admin
actions. Integrates log_audit() helper into admin endpoints (role
change, team admin toggle, deactivate, activate) and tree delete.
IP address column reserved for future Railway proxy header support.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend/app/core/audit.py

@@ -0,0 +1,24 @@
+"""Centralized audit logging for admin and destructive actions."""
+from uuid import UUID
+from typing import Optional
+from sqlalchemy.ext.asyncio import AsyncSession
+from app.models.audit_log import AuditLog
+
+
+async def log_audit(
+    db: AsyncSession,
+    user_id: UUID,
+    action: str,
+    resource_type: str,
+    resource_id: Optional[UUID] = None,
+    details: Optional[dict] = None,
+) -> None:
+    """Record an audit log entry. Does not commit — piggybacks on the caller's commit."""
+    entry = AuditLog(
+        user_id=user_id,
+        action=action,
+        resource_type=resource_type,
+        resource_id=resource_id,
+        details=details,
+    )
+    db.add(entry)