refactor(db): 移除无意义 actor，修复 history 多租户与模型

- 删除 entries_history / audit_log / secrets_history 的 actor 列及写入逻辑
- MCP secrets_history 透传当前 user_id
- Entry 增加 user_id，search 查询不再用伪 UUID
- 迁移：保留 users.api_key，从 api_keys 表回退时生成新明文 key 并删表
- 文档：audit_log auth 语义、API Key 存储说明

Made-with: Cursor

crates/secrets-core/src/service/history.rs

@@ -7,7 +7,6 @@ use uuid::Uuid;
 pub struct HistoryEntry {
     pub version: i64,
     pub action: String,
-    pub actor: String,
     pub created_at: String,
 }
 
@@ -23,13 +22,12 @@ pub async fn run(
     struct Row {
         version: i64,
         action: String,
-        actor: String,
         created_at: chrono::DateTime<chrono::Utc>,
     }
 
     let rows: Vec<Row> = if let Some(uid) = user_id {
         sqlx::query_as(
-            "SELECT version, action, actor, created_at FROM entries_history \
+            "SELECT version, action, created_at FROM entries_history \
              WHERE namespace = $1 AND kind = $2 AND name = $3 AND user_id = $4 \
              ORDER BY id DESC LIMIT $5",
         )
@@ -42,7 +40,7 @@ pub async fn run(
         .await?
     } else {
         sqlx::query_as(
-            "SELECT version, action, actor, created_at FROM entries_history \
+            "SELECT version, action, created_at FROM entries_history \
              WHERE namespace = $1 AND kind = $2 AND name = $3 AND user_id IS NULL \
              ORDER BY id DESC LIMIT $4",
         )
@@ -59,7 +57,6 @@ pub async fn run(
         .map(|r| HistoryEntry {
             version: r.version,
             action: r.action,
-            actor: r.actor,
             created_at: r.created_at.format("%Y-%m-%dT%H:%M:%SZ").to_string(),
         })
         .collect())