feat(sofiia-console): protect audit endpoint with admin token

Made-with: Cursor

tests/test_sofiia_audit_auth.py

@@ -0,0 +1,12 @@
+from __future__ import annotations
+
+
+def test_audit_requires_key_when_not_configured(sofiia_client):
+    r = sofiia_client.get("/api/audit")
+    assert r.status_code == 401, r.text
+
+
+def test_audit_accepts_valid_x_api_key_when_configured(sofiia_client, monkeypatch):
+    monkeypatch.setenv("SOFIIA_CONSOLE_API_KEY", "audit-secret")
+    r = sofiia_client.get("/api/audit", headers={"X-API-Key": "audit-secret"})
+    assert r.status_code == 200, r.text