Audit log: silo-scoped audit log endpoint #8815

@david-crespo

In #7339, the audit log can only be retrieved by fleet viewers through a system-level endpoint, /v1/system/audit-log. We will probably want to allow silo admins to retrieve an audit log scoped to their silo. That will require:

  • A silo-scoped /v1/audit-log endpoint accessible only to silo admins that does more or less what the system-level one does, plus where silo_id = <silo_id>
  • A SiloAuditLog authz resource alongside AuditLog that is tied to a specific silo
  • More robust logging of the silo an operation takes place in, specifically for login actions, which currently do not have an actor (see Audit log: log actor on successful login attempt #8816)

It seems unlikely that we will want to expose this to all silo viewers, but it's conceivable.
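
A minimal model of the access rule proposed above, as an added example that is not part of the original issue or the project's code. All types, function names and the sample entries are hypothetical; it assumes a login entry with no recorded silo carries `silo_id = None`, which shows why the `where silo_id = <silo_id>` filter depends on the third bullet.

```rust
// Added illustration: every type and function here is hypothetical.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct SiloId(pub u32);

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Role { FleetViewer, SiloAdmin(SiloId), SiloViewer(SiloId) }

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Entry {
    pub operation: &'static str,
    // None models an entry whose silo was not recorded (assumed case).
    pub silo_id: Option<SiloId>,
}

#[derive(Debug, PartialEq, Eq)]
pub struct Forbidden;

/// System-level listing: fleet viewers only, no silo filter.
pub fn system_audit_log(role: Role, log: &[Entry]) -> Result<Vec<Entry>, Forbidden> {
    match role {
        Role::FleetViewer => Ok(log.to_vec()),
        _ => Err(Forbidden),
    }
}

/// Silo-scoped listing: silo admins only. The silo comes from the caller's
/// role, never from a request parameter, so it cannot be pointed elsewhere.
pub fn silo_audit_log(role: Role, log: &[Entry]) -> Result<Vec<Entry>, Forbidden> {
    match role {
        Role::SiloAdmin(silo) => {
            Ok(log.iter().filter(|e| e.silo_id == Some(silo)).cloned().collect())
        }
        _ => Err(Forbidden),
    }
}

/// Constructed sample data, not real audit log output.
pub fn sample_log() -> Vec<Entry> {
    vec![
        Entry { operation: "instance_create", silo_id: Some(SiloId(1)) },
        Entry { operation: "project_delete", silo_id: Some(SiloId(2)) },
        Entry { operation: "login", silo_id: None },
        Entry { operation: "login", silo_id: Some(SiloId(1)) },
    ]
}

fn main() {
    println!("{:?}", silo_audit_log(Role::SiloAdmin(SiloId(1)), &sample_log()));
}
```

In this model the login entry without a silo is returned only by the system-level listing, so a silo admin would never see it.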
