Implement Phase 1 audit logging

Add centralized admin action logger and integrate logging for:
- Alert resolutions (system, rate limit, grouped)
- Role grants/revokes in UserRoleManager
- Incident creation/acknowledgement/resolution
- Moderation lock overrides

Includes file updates and usage across relevant components to ensure consistent audit trails.

src/lib/adminActionAuditHelpers.ts

@@ -0,0 +1,45 @@
+/**
+ * Centralized audit logging for all admin/moderator/superuser actions
+ * 
+ * This ensures consistent logging across the application and provides
+ * a single point of maintenance for audit trail functionality.
+ */
+
+import { supabase } from '@/lib/supabaseClient';
+import { handleNonCriticalError } from '@/lib/errorHandler';
+
+/**
+ * Log any admin/moderator/superuser action to the audit trail
+ * 
+ * @param action - The action being performed (e.g., 'system_alert_resolved', 'role_granted')
+ * @param details - Key-value pairs with action-specific details
+ * @param targetUserId - The user affected by this action (optional, defaults to admin user)
+ */
+export async function logAdminAction(
+  action: string,
+  details: Record<string, any>,
+  targetUserId?: string
+): Promise<void> {
+  try {
+    const { data: { user } } = await supabase.auth.getUser();
+    if (!user) {
+      console.warn('Cannot log admin action: No authenticated user', { action, details });
+      return;
+    }
+
+    await supabase.rpc('log_admin_action', {
+      _admin_user_id: user.id,
+      _target_user_id: targetUserId || user.id,
+      _action: action,
+      _details: details
+    });
+    
+    console.log('✅ Admin action logged:', { action, targetUserId, hasDetails: Object.keys(details).length > 0 });
+  } catch (error) {
+    // Log error but don't throw - audit logging shouldn't block operations
+    handleNonCriticalError(error, {
+      action: 'Log admin action',
+      metadata: { adminAction: action, details }
+    });
+  }
+}