Sensitive data prevention #513

Open
AustineSamuel wants to merge 4 commits into MyFanss:main from AustineSamuel:sensitive-data-prevention
Conversation

@AustineSamuel AustineSamuel commented Mar 27, 2026

Closes #354
Introduce a durable audit trail for compliance and incident response: record
actor, action, timestamp, and sanitized metadata for critical operations, with
an admin-only query endpoint.

Changes

  • Add audit_logs Postgres entity and AuditService with metadata redaction
    (no passwords, secrets, or JWT-shaped strings in stored metadata).
  • Emit audit on: wallet session creation, webhook secret rotation/expiry,
    subscription checkout confirm/fail.
  • Expose GET /v1/admin/audit protected by AUDIT_ADMIN_API_KEY via
    x-admin-audit-key header; support filters (action, actor, date range) and
    pagination.
  • Wire TypeOrmModule.forRoot in AppModule, optional TYPEORM_SYNC for local
    schema sync; document env vars in .env.example.
  • Fix auth login/register body wiring; import ExampleController in
    AppModule; import type for RequestWithFan in subscriptions controller.
  • Tests: sanitizer, audit service, admin guard; subscription audit assertion;
    wallet e2e stubs AuditModule to avoid DB.

How to test

  • Set AUDIT_ADMIN_API_KEY and call GET /v1/admin/audit with header
    x-admin-audit-key.
  • Trigger flows above and confirm rows in audit_logs (or via API).
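As an added illustration (not code from this PR or from the MyFanss project), the two checks the description relies on: a recursive metadata sanitizer that drops values under secret-like keys and masks JWT-shaped strings before they reach audit_logs, and a fail-closed, constant-time comparison for the x-admin-audit-key header. The key-name list, the JWT regex and the function names are assumptions.

```typescript
import { timingSafeEqual } from 'node:crypto';

// Keys whose values are never stored, whatever they contain (assumed list).
const SENSITIVE_KEY = /(password|passwd|secret|token|api[_-]?key|authorization)/i;
// JWT shape: three base64url segments joined by dots; the header segment
// encodes '{"' and therefore starts with "eyJ".
const JWT_SHAPED = /\beyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*\b/g;
const REDACTED = '[REDACTED]';

/** Returns a copy of `value` safe to persist as audit metadata. */
export function sanitizeMetadata(value: unknown, depth = 0): unknown {
  if (depth > 8) return REDACTED; // bound recursion on adversarially deep input
  if (typeof value === 'string') return value.replace(JWT_SHAPED, REDACTED);
  if (Array.isArray(value)) return value.map((v) => sanitizeMetadata(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      // Redact by key name first; otherwise recurse so nested tokens are caught too.
      out[k] = SENSITIVE_KEY.test(k) ? REDACTED : sanitizeMetadata(v, depth + 1);
    }
    return out;
  }
  return value; // numbers, booleans, null, undefined pass through unchanged
}

/**
 * Admin guard check for the x-admin-audit-key header (assumed helper name).
 * Fails closed when AUDIT_ADMIN_API_KEY is unset, so an empty header can
 * never match an empty configured key; compares in constant time.
 */
export function adminKeyMatches(presented: string | undefined, expected: string | undefined): boolean {
  if (!presented || !expected) return false;
  const a = Buffer.from(presented);
  const b = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths; length itself is not secret here.
  return a.length === b.length && timingSafeEqual(a, b);
}
```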

drips-wave bot commented Mar 27, 2026

@AustineSamuel Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Development

Successfully merging this pull request may close these issues.

Backend audit log for critical actions