Security Insights Admin: Unified Security Event Export & Incident Aggregation

[elanlaw1206]

Summary

This PR introduces an admin-focused Security Insights feature that provides a unified export of security-related events for audit, compliance, and incident analysis purposes.

A new backend-only API endpoint is added to aggregate authentication, brute-force, and session lifecycle events into a normalised security event model, with optional incident correlation and multi-format export.

---

Key Features

• Introduced GET /api/security/events/export endpoint for exporting security events.
• Aggregates data from auth_logs, brute_force_logs, and user_session into a unified timeline.
• Supports both JSON (pretty-printed, including incident summaries) and CSV (events-only) output formats.
• Added a normalised SecurityEvent model and SecurityEventType definitions to standardise security telemetry.
• Implemented an initial incident aggregation layer to group related events.
• Fully documented via OpenAPI (Swagger) for ease of review and demonstration.

---

Design Notes

• Backend-only implementation with no frontend dependency.
• Read-only and backward-compatible; no existing API behaviour is modified.
• Designed for admin/audit use cases and future extension (severity scoring, correlation confidence, dashboards).

---

Testing / Validation

• Validated via Swagger UI using different date ranges and output formats.
• CSV downloads verified with correct headers and safe escaping.
• JSON output verified for summary accuracy and incident grouping.

---

Scope

This change is self-contained and safe to merge. No database schema changes or breaking API changes are introduced.

Primary contributor: King Hei Law

[wenyupeng]

code review: pass.

[elanlaw1206]

Hi Chris,
I fixed the conflict, and checks are passed. Please review and approve if it is fine, thanks for the reviewing~

King hei