feat: implement audit logging for admin actions and order lifecycle events #674

Open
saidai-bhuvanesh wants to merge 5 commits into adithyan-css:main from saidai-bhuvanesh:feature/admin-audit-logging

@saidai-bhuvanesh

Summary:
Implements a secure, structured audit trail for all critical admin actions to improve accountability, security investigations, and order traceability. Every audit event is written in a fire-and-forget manner so it can never block or fail a user-facing request.

Changes:

| File | What changed |
| --- | --- |
| api/models/AuditLog.js (new) | Immutable MongoDB schema with TTL auto-expiry after 90 days |
| api/services/auditService.js (new) | Centralized log writer with graceful DB fallback to stderr |
| api/controllers/adminController.js | Emits ADMIN_LOGIN and ADMIN_LOGIN_FAILED on every auth attempt |
| api/controllers/orderController.js | Emits PAYMENT_CONFIRMED and ORDER_STATUS_CHANGED after each action |
| api/routes/adminRoutes.js | Adds GET /api/admin/audit-logs protected by adminAuth |

Testing:

  • ADMIN_LOGIN audit entry written on successful login
  • ADMIN_LOGIN_FAILED audit entry written on bad credentials
  • GET /api/admin/audit-logs returns structured logs for authenticated admin
  • GET /api/admin/audit-logs returns 401 for unauthenticated requests
  • All 11 tests pass with no regressions
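
The fire-and-forget write with stderr fallback and 90-day expiry described in the summary above, as an added example that is not code from this pull request. The names `buildAuditEntry`, `recordAudit`, `store` and `sink` are hypothetical, the store is a stand-in for the database model, and dropping credential fields from the details is an assumption about what such a log should hold.

```javascript
// Added illustration, not the PR's auditService.js. All names are hypothetical.
const RETENTION_MS = 90 * 24 * 60 * 60 * 1000; // 90-day expiry, per the PR summary

// Build an immutable audit record. Credential fields are dropped (assumption)
// so a failed-login event never stores the attempted password or a token.
function buildAuditEntry(action, actor, details = {}, now = new Date()) {
  const { password, token, ...safe } = details;
  return Object.freeze({
    action,
    actor,
    details: Object.freeze(safe),
    timestamp: now.toISOString(),
    // A TTL index on this field would let the database expire the record.
    expiresAt: new Date(now.getTime() + RETENTION_MS).toISOString(),
  });
}

// Write the entry without ever rejecting. `store` is any object with an
// insert(entry) method (stand-in for the DB model); `sink` receives one
// JSON line when the store fails and defaults to stderr.
function recordAudit(entry, store, sink = (l) => process.stderr.write(l + '\n')) {
  // Starting from Promise.resolve() also captures a store that throws synchronously.
  return Promise.resolve()
    .then(() => store.insert(entry))
    .then(() => 'stored')
    .catch((err) => {
      try {
        sink(JSON.stringify({ audit: entry, storeError: String(err && err.message) }));
      } catch (_) {
        // Even a broken sink must not surface to the request path.
      }
      return 'fallback';
    });
}

// Fire-and-forget call site: the handler does not await the write, so a slow
// or failing audit store cannot delay or fail the user-facing response.
function onFailedLogin(email, ip, store) {
  void recordAudit(buildAuditEntry('ADMIN_LOGIN_FAILED', email, { ip }), store);
  return { status: 401 };
}
```

Because the fallback line goes to stderr, log collection for the process has to capture and retain stderr for those events to remain part of the audit trail.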

@vercel

vercel Bot commented Jun 5, 2026

Someone is attempting to deploy a commit to the adithyansubramani1-1657's projects Team on Vercel.

A member of the Team first needs to authorize it.
