Implement Phase 1 audit logging

Add centralized admin action logger and integrate logging for:
- Alert resolutions (system, rate limit, grouped)
- Role grants/revokes in UserRoleManager
- Incident creation/acknowledgement/resolution
- Moderation lock overrides

Includes file updates and usage across relevant components to ensure consistent audit trails.

src/components/moderation/UserRoleManager.tsx

@@ -189,6 +189,15 @@ export function UserRoleManager() {
       
       if (error) throw error;
       
+      // Log to audit trail
+      const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+      const targetUsername = searchResults.find(p => p.user_id === userId)?.username;
+      await logAdminAction('role_granted', {
+        target_user_id: userId,
+        target_username: targetUsername,
+        role: role,
+      }, userId);
+      
       handleSuccess('Role Granted', `User has been granted ${getRoleLabel(role)} role`);
       setNewUserSearch('');
       setNewRole('');
@@ -208,10 +217,23 @@ export function UserRoleManager() {
     if (!isAdmin()) return;
     setActionLoading(roleId);
     try {
+      // Fetch role details before revoking
+      const roleToRevoke = userRoles.find(r => r.id === roleId);
+      
       const {
         error
       } = await supabase.from('user_roles').delete().eq('id', roleId);
       if (error) throw error;
+      
+      // Log to audit trail
+      const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
+      await logAdminAction('role_revoked', {
+        role_id: roleId,
+        target_user_id: roleToRevoke?.user_id,
+        target_username: roleToRevoke?.profiles?.username,
+        role: roleToRevoke?.role,
+      }, roleToRevoke?.user_id);
+      
       handleSuccess('Role Revoked', 'User role has been revoked');
       fetchUserRoles();
     } catch (error: unknown) {