feat(audit): Add core audit logging infrastructure

- Add AuditLogger class with rotation support
- Add audit configuration to config schema
- Instrument tool execution with full audit logging
- Instrument session lifecycle (create, message, delete, transfer, compact)
- Add audit logger initialization in daemon
- Add cron scheduler audit logging

Audit events captured:
- tool.start/success/error/denied
- session.create/message/delete/transfer/compact
- cron.trigger/add/remove

All logs go to ~/.local/share/flynn/audit.log (JSON lines)
with rotation (10MB files, 30-day retention)

src/config/schema.ts

@@ -384,8 +384,23 @@ const sessionsSchema = z.object({
 
 const logLevelSchema = z.enum(['debug', 'info', 'warn', 'error', 'silent']).default('info');
 
+const auditLevelSchema = z.enum(['debug', 'info', 'warn', 'error']).default('debug');
+
+const auditSchema = z.object({
+  enabled: z.boolean().default(true),
+  path: z.string().default('~/.local/share/flynn/audit.log'),
+  max_size_mb: z.number().min(1).max(1000).default(10),
+  keep_days: z.number().min(1).max(365).default(30),
+  levels: z.object({
+    tools: auditLevelSchema.default('debug'),
+    sessions: auditLevelSchema.default('debug'),
+    automation: auditLevelSchema.default('debug'),
+  }).default({}),
+}).default({});
+
 export const configSchema = z.object({
   log_level: logLevelSchema,
+  audit: auditSchema,
   telegram: telegramSchema.optional(),
   discord: discordSchema,
   slack: slackSchema,
@@ -451,3 +466,5 @@ export type GdriveConfig = z.infer<typeof gdriveSchema>;
 export type GtasksConfig = z.infer<typeof gtasksSchema>;
 export type PairingCodeConfig = z.infer<typeof pairingSchema>;
 export type LogLevel = z.infer<typeof logLevelSchema>;
+export type AuditConfig = z.infer<typeof auditSchema>;
+export type AuditLevel = z.infer<typeof auditLevelSchema>;