Add identity audit logging

[darshana-v]

Summary

Identity mutations (create/update/delete) previously had no audit trail. Operators had no way to answer "who registered this agent?" or "who changed its trust level and when?". owner_user_id is a static ownership field on the identity, not a record of who performed a given operation.

This PR adds an identity_audit_logs table that records every mutation with the acting user's ID (from the X-User-ID header, set by TenantContextMiddleware), a timestamp, and before/after JSONB snapshots of the identity row.

---

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (does not change functionality, e.g. code style improvements, linting)
• This change requires a documentation update

---

Testing

• Manually tested
• Unit tests added/updated
• No tests required

---

Impact / Risks

---

📸 Screenshots / Logs (if applicable)

---

[gemini-code-assist]

Code Review

This pull request implements an audit logging system for identity lifecycle operations, including the creation of a new database table, repository, and service-level integration. The feedback focuses on ensuring the acting user's ID is consistently captured across all service methods (specifically within the agent service), standardizing audit timestamps to UTC, and expanding the logging logic to include failed operation attempts for a more comprehensive security trail.

[darshana-v]

https://github.com/highflame-ai/highflame-admin/issues/1133