feat: enforce tenant isolation for audit logs and enhance user list filtering for multi-tenant admins

backend/internal/domain/models.go

@@ -10,6 +10,7 @@ type AuditLog struct {
 	EventID    string    `json:"event_id"`
 	Timestamp  time.Time `json:"timestamp"`
 	UserID     string    `json:"user_id"`
+	TenantID   string    `json:"tenant_id,omitempty"`
 	SessionID  string    `json:"session_id,omitempty"`
 	EventType  string    `json:"event_type"` // e.g., "login_success", "login_failed", "otp_sent"
 	Status     string    `json:"status"`     // e.g., "success", "failure"
@@ -23,7 +24,7 @@ type AuditLog struct {
 // AuditRepository defines interface for storing logs
 type AuditRepository interface {
 	Create(log *AuditLog) error
-	FindPage(ctx context.Context, limit int, cursor *AuditCursor) ([]AuditLog, error)
+	FindPage(ctx context.Context, limit int, cursor *AuditCursor, tenantID string) ([]AuditLog, error)
 	FindByUserAndEvents(ctx context.Context, userID string, eventTypes []string, limit int) ([]AuditLog, error)
 	CountFailuresSince(ctx context.Context, since time.Time, tenantID string) (int64, error)
 	CountActiveSessionsSince(ctx context.Context, since time.Time, tenantID string) (int64, error)