feat(core): add audit logging to all mutation operations

Create audit_log SeaORM entity and audit_service::record() helper.
Integrate audit recording into 35 mutation endpoints across all modules:
- erp-auth: user/role/organization/department/position CRUD (15 actions)
- erp-config: dictionary/menu/setting/numbering_rule CRUD (15 actions)
- erp-workflow: definition/instance/task operations (8 actions)
- erp-message: send/system/mark_read/delete (5 actions)

Uses fire-and-forget pattern — audit failures logged but non-blocking.

crates/erp-workflow/src/service/task_service.rs

@@ -12,6 +12,8 @@ use crate::engine::executor::FlowExecutor;
 use crate::engine::parser;
 use crate::entity::{process_definition, process_instance, task};
 use crate::error::{WorkflowError, WorkflowResult};
+use erp_core::audit::AuditLog;
+use erp_core::audit_service;
 use erp_core::events::EventBus;
 use erp_core::types::Pagination;
 
@@ -242,6 +244,13 @@ impl TaskService {
             serde_json::json!({ "task_id": id, "outcome": req.outcome }),
         ));
 
+        audit_service::record(
+            AuditLog::new(tenant_id, Some(operator_id), "task.complete", "task")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
         // 重新查询任务
         let updated = task::Entity::find_by_id(id)
             .one(db)
@@ -311,6 +320,13 @@ impl TaskService {
             .await
             .map_err(|e| WorkflowError::Validation(e.to_string()))?;
 
+        audit_service::record(
+            AuditLog::new(tenant_id, Some(operator_id), "task.delegate", "task")
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
         Ok(Self::model_to_resp(&updated))
     }