feat: add audit logging for applicant file uploads and deletions

Applicant saveFileMetadata and deleteFile mutations now log
APPLICANT_UPLOAD_FILE and APPLICANT_DELETE_FILE to the audit trail,
matching the admin file router's existing audit coverage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/server/routers/applicant.ts

@@ -456,6 +456,24 @@ export const applicantRouter = router({
         }
       }
 
+      // Audit log
+      await logAudit({
+        prisma: ctx.prisma,
+        userId: ctx.user.id,
+        action: 'APPLICANT_UPLOAD_FILE',
+        entityType: 'ProjectFile',
+        entityId: file.id,
+        detailsJson: {
+          projectId,
+          fileName: input.fileName,
+          fileType: input.fileType,
+          roundId: roundId || null,
+          isLate: isLate || false,
+        },
+        ipAddress: ctx.ip,
+        userAgent: ctx.userAgent,
+      })
+
       // Auto-analyze document (fire-and-forget, delayed for presigned upload)
       import('../services/document-analyzer').then(({ analyzeFileDelayed }) =>
         analyzeFileDelayed(file.id).catch((err) =>
@@ -518,6 +536,23 @@ export const applicantRouter = router({
         where: { id: input.fileId },
       })
 
+      // Audit log
+      await logAudit({
+        prisma: ctx.prisma,
+        userId: ctx.user.id,
+        action: 'APPLICANT_DELETE_FILE',
+        entityType: 'ProjectFile',
+        entityId: input.fileId,
+        detailsJson: {
+          projectId: file.project.id,
+          fileName: file.fileName,
+          fileType: file.fileType,
+          roundId: file.roundId,
+        },
+        ipAddress: ctx.ip,
+        userAgent: ctx.userAgent,
+      })
+
       return { success: true }
     }),