Add audit log retention and pruning mechanism

[devondragon]

Summary

Implement a retention policy and automated pruning for audit logs to prevent unbounded table growth.

Background

The RBAC audit logging system currently stores all audit events indefinitely. As the system scales, the audit_logs table will grow unbounded, leading to:

• Increased storage costs
• Slower query performance
• Potential D1 database size limits

Requirements

• Design configurable retention policy (e.g., AUDIT_LOG_RETENTION_DAYS env var)
• Implement scheduled cleanup using Cloudflare Cron Triggers
• Add pruning logic that deletes records older than retention period
• Ensure pruning doesn't block normal operations (batch deletes)
• Add monitoring/alerting for pruning failures
• Document retention configuration options

Technical Considerations

• Use Cloudflare Cron Triggers for scheduled execution
• Batch deletes to avoid long-running transactions
• Consider archiving to R2 before deletion for compliance
• Add index on created_at column if not present for efficient date-based queries

Acceptance Criteria

• Audit logs older than configured retention period are automatically deleted
• Pruning runs on configurable schedule (default: daily)
• No impact on normal audit logging operations during pruning
• Configuration documented in README

Related

Part of RBAC implementation (issue #16)