feat(audit): add structured audit logging for signing operations (#5)

Implements comprehensive audit logging using tracing + tracing-subscriber:

- Add audit module with JSON-formatted event logging
- Log signing attempts, successes, and failures with correlation IDs
- Log verification attempts and results
- PII redaction for email addresses (us***@example.com)
- Error message sanitization to prevent secret leakage
- CLI flags: --audit (stderr) and --audit-file <FILE>

Event types:
- signing.attempt / signing.success / signing.failure
- verification.attempt / verification.success / verification.failure
- key.generated

Closes #5

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: avrabe