#316 Add Audit Logging for All Secret Operations

## Problem No audit logging for secret operations. Only standard Python logging which is not: - Persistent in database - Queryable by tenant/user - Compliant with audit requirements ## Required Audit Events - SECRET_CREATED: path, keys (not values), user, timestamp - SECRET_UPDATED: path, keys changed, user, timestamp - SECRET_DELETED: path, user, timestamp - SECRET_READ: path, key accessed (workflow context), timestamp - SECRET_LIST: path queried, user, timestamp ## Acceptance Criteria - All secret operations logged to audit_logs table - Audit includes tenant_id, user_email, action, path, timestamp - Secret VALUES never logged - API endpoint to query secret audit: GET /tenant/secrets/<path>/audit - Audit retention policy configurable