refactor(db): 移除无意义 actor，修复 history 多租户与模型

- 删除 entries_history / audit_log / secrets_history 的 actor 列及写入逻辑
- MCP secrets_history 透传当前 user_id
- Entry 增加 user_id，search 查询不再用伪 UUID
- 迁移：保留 users.api_key，从 api_keys 表回退时生成新明文 key 并删表
- 文档：audit_log auth 语义、API Key 存储说明

Made-with: Cursor

crates/secrets-mcp/src/web.rs

@@ -321,11 +321,6 @@ where
             StatusCode::INTERNAL_SERVER_ERROR
         })?;
 
-    // Ensure the user has an API key (auto-creates on first login).
-    if let Err(e) = ensure_api_key(&state.pool, user.id).await {
-        tracing::warn!(error = %e, "failed to ensure api key for user");
-    }
-
     session
         .insert(SESSION_USER_ID, user.id.to_string())
         .await
@@ -642,6 +637,7 @@ fn render_template<T: Template>(tmpl: T) -> Result<Response, StatusCode> {
 }
 
 fn format_audit_target(namespace: &str, kind: &str, name: &str) -> String {
+    // Auth events reuse kind/name as a provider-scoped target, not an entry identity.
     if namespace == "auth" {
         format!("{}/{}", kind, name)
     } else {