Audit logging added for expression-based role assignments

Expression-based role assignments in n8n's enterprise SSO provisioning now generate audit logs. When users log in via OIDC, SAML, or LDAP, the system evaluates mapping rules to determine their roles — but until now, there was no record of which rule matched or what roles changed. This PR adds that visibility.

Every login now produces an audit event capturing the matched rule ID and expression for both instance and project roles, whether a fallback was used, and the previous role values for change detection. Removed project access is also tracked. Additionally, all administrative operations on mapping rules — create, move, patch, and delete — emit their own audit events with the acting user, rule type, and changed fields.

The ResolvedInstanceRole and ResolvedProjectRole types carry enriched metadata through the flow. The resolveInstanceRole() and resolveProjectRoles() methods return rule IDs and expressions alongside role names, which the applyExpressionMappedRoles() method uses to build the audit payload.

In the CLI package, the RoleMappingRuleController now emits events after each operation, while the expressionMappingRolesResolved() handler sends them to the event bus. Four new event names are registered in eventNamesAudit.

This audit coverage supports security and compliance requirements for organizations using expression-based role mapping — administrators can now trace exactly which rules determined access and audit administrative changes to those rules.