feat: admin audit logging across all admin actions

- AdminLogger: JSON-lines → /var/log/xamxam.log (prod) / storage/logs/admin.log (dev)
  + best-effort DB mirror to admin_audit_log table
- DB: admin_audit_log table, share_links.is_archived column
- ShareLink: archive() replaces delete(), toggleActive() returns new state,
  listActive()/listArchived() split, validateLink blocks archived slugs
- All action handlers wired: publish, unpublish, visibility, delete, csv/db export,
  tfe add/edit, tags, pages, apropos, form-help, access-request, maintenance,
  settings (formulaire toggles, objet types, smtp update), smtp-test
- acces.php: archive button replaces delete; collapsible archived links section
- setup-server.sh: provision /var/log/xamxam.log (www-data:xamxam 640)

app/public/admin/actions/publish.php

@@ -5,6 +5,7 @@ require_once __DIR__ . '/../../../src/AdminAuth.php';
 AdminAuth::requireLogin();
 
 require_once __DIR__ . '/../../../src/Database.php';
+require_once __DIR__ . '/../../../src/AdminLogger.php';
 
 if (!isset($_POST['csrf_token'], $_SESSION['csrf_token'])
     || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
@@ -27,6 +28,8 @@ $published = ($action === 'publish');
 try {
     $db = new Database();
 
+    $logger = AdminLogger::make();
+
     if ($isBulk) {
         $ids = array_filter(array_map('intval', $_POST['selected_theses'] ?? []), fn($id) => $id > 0);
 
@@ -37,6 +40,7 @@ try {
         }
 
         $db->bulkSetPublished($ids, $published);
+        $logger->logPublish($published, array_values($ids));
         $count = count($ids);
         App::flash('success', $published
             ? "$count TFE(s) publié(s) avec succès."
@@ -52,6 +56,7 @@ try {
         }
 
         $db->setPublished($thesisId, $published);
+        $logger->logPublish($published, [$thesisId]);
         App::flash('success', $published ? 'TFE publié avec succès.' : 'TFE retiré de la publication.');
     }