Add system phase 4 audits

- Add audit logging for system maintenance operations (cache/orphaned images/manual cleanup)
- Log account deletion request handling (requests/confirm/cancel)
- Log security actions (admin password resets, MFA enforcement changes, account lockouts)

src/components/auth/TOTPSetup.tsx

@@ -115,6 +115,21 @@ export function TOTPSetup() {
 
       if (verifyError) throw verifyError;
 
+      // Log MFA enrollment to audit trail
+      try {
+        const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+        await logAdminAction(
+          'mfa_enabled',
+          {
+            factor_id: factorId,
+            factor_type: 'totp',
+            friendly_name: 'Authenticator App',
+          }
+        );
+      } catch (auditError) {
+        // Non-critical - don't fail enrollment if audit logging fails
+      }
+
       // Check if user signed in via OAuth and trigger step-up flow
       const authMethod = getAuthMethod();
       const isOAuthUser = authMethod === 'oauth';