feat(audit): add Audit Log module — coverage, metrics endpoint, indexes

- UserStatusView, EventModerationView, ReviewModerationView,
  PartnerKYCReviewView: each state change now emits _audit_log()
  inside the same transaction.atomic() block so the log stays
  consistent with DB state on partial failure
- AuditLogMetricsView: GET /api/v1/rbac/audit-log/metrics/ returns
  total/today/week/distinct_users/by_action_group; 60 s cache with
  ?nocache=1 bypass
- AuditLogListView: free-text search (Q over action/target/user),
  page_size bounded to [1, 200]
- accounts.User.ALL_MODULES += 'audit-log';
  StaffProfile.SCOPE_TO_MODULE['audit'] = 'audit-log'
- Migration 0005: composite indexes (action,-created_at) and
  (target_type,target_id) on AuditLog
- admin_api/tests.py: 11 tests covering list shape, search,
  page bounds, metrics shape+nocache, suspend/ban/reinstate
  audit emission

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

admin_api/migrations/0005_auditlog_indexes.py

@@ -0,0 +1,31 @@
+# Generated by Django 4.2.21 for the Audit Log module (admin_api v1.12.0).
+#
+# Adds two composite indexes to `AuditLog` so the new /audit-log admin page
+# can filter by action and resolve "related entries" lookups without a full
+# table scan once the log grows past a few thousand rows.
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('admin_api', '0004_lead_user_account'),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name='auditlog',
+            index=models.Index(
+                fields=['action', '-created_at'],
+                name='auditlog_action_time_idx',
+            ),
+        ),
+        migrations.AddIndex(
+            model_name='auditlog',
+            index=models.Index(
+                fields=['target_type', 'target_id'],
+                name='auditlog_target_idx',
+            ),
+        ),
+    ]