refactor(db): 移除无意义 actor，修复 history 多租户与模型

- 删除 entries_history / audit_log / secrets_history 的 actor 列及写入逻辑
- MCP secrets_history 透传当前 user_id
- Entry 增加 user_id，search 查询不再用伪 UUID
- 迁移：保留 users.api_key，从 api_keys 表回退时生成新明文 key 并删表
- 文档：audit_log auth 语义、API Key 存储说明

Made-with: Cursor

crates/secrets-core/src/service/search.rs

@@ -131,7 +131,7 @@ async fn fetch_entries_paged(pool: &PgPool, a: &SearchParams<'_>) -> Result<Vec<
     };
 
     let sql = format!(
-        "SELECT id, COALESCE(user_id, '00000000-0000-0000-0000-000000000000'::uuid) AS user_id, \
+        "SELECT id, user_id, \
          namespace, kind, name, tags, metadata, version, created_at, updated_at \
          FROM entries {where_clause} ORDER BY {order} LIMIT ${limit_idx} OFFSET ${offset_idx}"
     );
@@ -212,8 +212,7 @@ pub async fn fetch_secrets_for_entries(
 #[derive(sqlx::FromRow)]
 struct EntryRaw {
     id: Uuid,
-    #[allow(dead_code)] // Selected for row shape; Entry model has no user_id field
-    user_id: Uuid,
+    user_id: Option<Uuid>,
     namespace: String,
     kind: String,
     name: String,
@@ -228,6 +227,7 @@ impl From<EntryRaw> for Entry {
     fn from(r: EntryRaw) -> Self {
         Entry {
             id: r.id,
+            user_id: r.user_id,
             namespace: r.namespace,
             kind: r.kind,
             name: r.name,