feat(audit): admin audit log

Audit log
- Add audit_log table (migration + schema) with index on created_at.
- Add auditLog service (writeAudit, getClientIp) and record events for backups
  (create, restore, upload-restore, delete, auto-settings), admin actions
  (users, OIDC, invites, system update, demo baseline, bag tracking, packing
  template delete, addons), and auth (app settings, MFA enable/disable).
- Add GET /api/admin/audit-log with pagination; fix invite insert row id lookup.
- Add AuditLogPanel and Admin tab; adminApi.auditLog.
- Add admin.tabs.audit and admin.audit.* strings in all locale files.
Note: Rebase feature branches so new DB migrations stay after existing ones
  (e.g. file_links) when merging upstream.

client/src/i18n/translations/nl.ts

@@ -271,6 +271,7 @@ const nl: Record<string, string> = {
   'admin.tabs.users': 'Gebruikers',
   'admin.tabs.categories': 'Categorieën',
   'admin.tabs.backup': 'Back-up',
+  'admin.tabs.audit': 'Auditlog',
   'admin.stats.users': 'Gebruikers',
   'admin.stats.trips': 'Reizen',
   'admin.stats.places': 'Plaatsen',
@@ -412,6 +413,19 @@ const nl: Record<string, string> = {
 
   // GitHub
   'admin.tabs.github': 'GitHub',
+
+  'admin.audit.subtitle': 'Beveiligingsgevoelige en beheerdersgebeurtenissen (back-ups, gebruikers, MFA, instellingen).',
+  'admin.audit.empty': 'Nog geen auditregistraties.',
+  'admin.audit.refresh': 'Vernieuwen',
+  'admin.audit.loadMore': 'Meer laden',
+  'admin.audit.showing': '{count} geladen · {total} totaal',
+  'admin.audit.col.time': 'Tijd',
+  'admin.audit.col.user': 'Gebruiker',
+  'admin.audit.col.action': 'Actie',
+  'admin.audit.col.resource': 'Bron',
+  'admin.audit.col.ip': 'IP',
+  'admin.audit.col.details': 'Details',
+
   'admin.github.title': 'Release-geschiedenis',
   'admin.github.subtitle': 'Laatste updates van {repo}',
   'admin.github.latest': 'Nieuwste',