Add system phase 4 audits

- Add audit logging for system maintenance operations (cache/orphaned images/manual cleanup)
- Log account deletion request handling (requests/confirm/cancel)
- Log security actions (admin password resets, MFA enforcement changes, account lockouts)

src/components/auth/TOTPSetup.tsx

@@ -115,6 +115,21 @@ export function TOTPSetup() {
 
       if (verifyError) throw verifyError;
 
+      // Log MFA enrollment to audit trail
+      try {
+        const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+        await logAdminAction(
+          'mfa_enabled',
+          {
+            factor_id: factorId,
+            factor_type: 'totp',
+            friendly_name: 'Authenticator App',
+          }
+        );
+      } catch (auditError) {
+        // Non-critical - don't fail enrollment if audit logging fails
+      }
+
       // Check if user signed in via OAuth and trigger step-up flow
       const authMethod = getAuthMethod();
       const isOAuthUser = authMethod === 'oauth';

src/lib/identityService.ts

@@ -257,6 +257,21 @@ export async function addPasswordToAccount(): Promise<IdentityOperationResult> {
       method: 'reset_password_flow',
       timestamp: new Date().toISOString()
     });
+
+    // Log to admin audit trail for security tracking
+    try {
+      const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+      await logAdminAction(
+        'password_setup_initiated',
+        {
+          method: 'reset_password_email',
+          email: userEmail,
+          has_oauth: true, // If they're adding password, they must have OAuth
+        }
+      );
+    } catch (auditError) {
+      // Non-critical - don't fail operation if audit logging fails
+    }
     
     return { 
       success: true,