feat(audit): Add core audit logging infrastructure

- Add AuditLogger class with rotation support
- Add audit configuration to config schema
- Instrument tool execution with full audit logging
- Instrument session lifecycle (create, message, delete, transfer, compact)
- Add audit logger initialization in daemon
- Add cron scheduler audit logging

Audit events captured:
- tool.start/success/error/denied
- session.create/message/delete/transfer/compact
- cron.trigger/add/remove

All logs go to ~/.local/share/flynn/audit.log (JSON lines)
with rotation (10MB files, 30-day retention)

src/daemon/index.ts

@@ -30,6 +30,7 @@ import { ChannelRegistry } from '../channels/index.js';
 import type { McpManager } from '../mcp/index.js';
 import type { SkillRegistry, SkillInstaller } from '../skills/index.js';
 import type { GatewayServer } from '../gateway/index.js';
+import { AuditLogger, initAuditLogger } from '../audit/index.js';
 
 export interface DaemonContext {
   config: Config;
@@ -61,6 +62,15 @@ export async function startDaemon(config: Config): Promise<DaemonContext> {
   const dataDir = process.env.FLYNN_DATA_DIR ?? resolve(homedir(), '.local/share/flynn');
   mkdirSync(dataDir, { recursive: true });
 
+  // ── Audit Logger ──
+  const auditLoggerInstance = new AuditLogger(config.audit);
+  initAuditLogger(auditLoggerInstance);
+
+  lifecycle.onShutdown(async () => {
+    await auditLoggerInstance.close();
+    console.log('Audit logger closed');
+  });
+
   const sessionStore = new SessionStore(resolve(dataDir, 'sessions.db'));
   const sessionManager = new SessionManager(sessionStore);