feat(secrets-mcp): 审计页、audit_log user_id、OAuth 登录与仪表盘 footer

- audit_log 增加 user_id；业务写审计透传 user_id
- Web /audit 与侧边栏；Dashboard 版本 footer 贴底（margin-top: auto）
- 停止 API Key 鉴权成功写入登录审计
- 文档、CI、release-check 配套更新

Made-with: Cursor

crates/secrets-mcp/src/auth.rs

@@ -9,7 +9,6 @@ use axum::{
 use sqlx::PgPool;
 use uuid::Uuid;
 
-use secrets_core::audit::log_login;
 use secrets_core::service::api_key::validate_api_key;
 
 /// Injected into request extensions after Bearer token validation.
@@ -35,15 +34,6 @@ fn log_client_ip(req: &Request) -> Option<String> {
         .map(|c| c.ip().to_string())
 }
 
-fn log_user_agent(req: &Request) -> Option<String> {
-    req.headers()
-        .get(axum::http::header::USER_AGENT)
-        .and_then(|v| v.to_str().ok())
-        .map(str::trim)
-        .filter(|value| !value.is_empty())
-        .map(ToOwned::to_owned)
-}
-
 /// Axum middleware that validates Bearer API keys for the /mcp route.
 /// Passes all non-MCP paths through without authentication.
 pub async fn bearer_auth_middleware(
@@ -54,7 +44,6 @@ pub async fn bearer_auth_middleware(
     let path = req.uri().path();
     let method = req.method().as_str();
     let client_ip = log_client_ip(&req);
-    let user_agent = log_user_agent(&req);
 
     // Only authenticate /mcp paths
     if !path.starts_with("/mcp") {
@@ -95,15 +84,6 @@ pub async fn bearer_auth_middleware(
 
     match validate_api_key(&pool, raw_key).await {
         Ok(Some(user_id)) => {
-            log_login(
-                &pool,
-                "api_key",
-                "bearer",
-                user_id,
-                client_ip.as_deref(),
-                user_agent.as_deref(),
-            )
-            .await;
             tracing::debug!(?user_id, "api key authenticated");
             let mut req = req;
             req.extensions_mut().insert(AuthUser { user_id });