Add audit log UI and backend API seeded E2E

- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs.

- Add Audit Logs page, sidebar entry, frontend audit API client, and API client test.

- Add backend audit log query endpoint with super/admin visibility rules and query filtering.

- Extend PostgreSQL integration tests to cover audit log query permissions.

- Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers.

- Add E2E coverage for route guards and audit log visibility.

- Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts.

- Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues.

- Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.

e2e/audit-and-route-guards.spec.ts

@@ -0,0 +1,21 @@
+import { expect, test } from '@playwright/test';
+import { createReportByApi, loginByApi, uniqueId } from './helpers';
+
+test('route guards block doctors from admin pages and super users can view audit logs', async ({ page }) => {
+  await loginByApi(page, '0001');
+  await page.goto('/user-manage');
+  await page.waitForURL('**/dashboard');
+  await expect(page.getByRole('heading', { name: '工作台概览' })).toBeVisible();
+
+  const title = `审计验证报告 ${uniqueId('audit')}`;
+  await createReportByApi(page.request, {
+    title,
+    content: `<p>${title}</p>`,
+    status: 'completed',
+  });
+
+  await loginByApi(page, 'admin');
+  await page.goto('/audit-logs');
+  await expect(page.getByRole('heading', { name: '审计日志' })).toBeVisible();
+  await expect(page.locator('tbody').getByText('完成报告').first()).toBeVisible();
+});