feat: anonymize audit logs on user hard-delete and fix host audit log team assignment

Anonymize audit logs when soft-deleted users are purged after 15 days:
actor_name set to 'deleted-user', actor_id and resource_id nulled,
email stripped from member metadata. Per-user delete ensures no user
is removed without successful anonymization.

Frontend renders deleted-user as a styled red badge in audit log view.

Fix shared host create/delete audit logs landing in admin's personal
team — now correctly assigned to PlatformTeamID.

pkg/db/users.sql.go

@@ -183,15 +183,6 @@ func (q *Queries) GetUserByID(ctx context.Context, id pgtype.UUID) (User, error)
 	return i, err
 }
 
-const hardDeleteExpiredUsers = `-- name: HardDeleteExpiredUsers :exec
-DELETE FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days'
-`
-
-func (q *Queries) HardDeleteExpiredUsers(ctx context.Context) error {
-	_, err := q.db.Exec(ctx, hardDeleteExpiredUsers)
-	return err
-}
-
 const hardDeleteUser = `-- name: HardDeleteUser :exec
 DELETE FROM users WHERE id = $1
 `
@@ -334,6 +325,30 @@ func (q *Queries) InsertUserOAuth(ctx context.Context, arg InsertUserOAuthParams
 	return i, err
 }
 
+const listExpiredSoftDeletedUsers = `-- name: ListExpiredSoftDeletedUsers :many
+SELECT id FROM users WHERE deleted_at IS NOT NULL AND deleted_at < NOW() - INTERVAL '15 days'
+`
+
+func (q *Queries) ListExpiredSoftDeletedUsers(ctx context.Context) ([]pgtype.UUID, error) {
+	rows, err := q.db.Query(ctx, listExpiredSoftDeletedUsers)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	var items []pgtype.UUID
+	for rows.Next() {
+		var id pgtype.UUID
+		if err := rows.Scan(&id); err != nil {
+			return nil, err
+		}
+		items = append(items, id)
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	return items, nil
+}
+
 const listUsersAdmin = `-- name: ListUsersAdmin :many
 SELECT
     u.id,