Add an audit log

[mike-marcacci]

One of the final pieces for AuthX 2.0 is the creation and publication of an audit log. The schema itself already enforces this for writes, but we are currently not tracking reads or failed attempted writes.

• [x] Track all writes
• [ ] Come up with schema for audit logs, including reads and rejected attempts
• [ ] Come up with API for exposing this over GraphQL
• [ ] Come up with scopes for restricting access to audit log

[mike-marcacci]

This is one possible strategy I've had bouncing around in my head. This mostly answers the question "who has viewed what, and when", although by not reporting which fields of which entity were displayed, it potentially over-reports.

Example SQL

```sql CREATE TABLE authx.query ( # The id in this case should be a UUID v5, hashing the content of the query. id UUID PRIMARY KEY, content TEXT NOT NULL ); CREATE TABLE authx.request ( id UUID PRIMARY KEY, query_id UUID NOT NULL REFERENCES authx.query, authorization_id UUID DEFAULT NULL REFERENCES authx.authorization, created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP, ); ALTER authx.record ADD COLUMN created_by_request_id UUID NOT NULL REFERENCES authx.request DEFERRABLE INITIALLY DEFERRED; CREATE TABLE authx.request_authority ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.authority_record ) CREATE TABLE authx.request_client ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.client_record ) CREATE TABLE authx.request_credential ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.credential_record ) CREATE TABLE authx.request_grant ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.grant_record ) CREATE TABLE authx.request_role ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.role_record ) CREATE TABLE authx.request_session ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.session_record ) CREATE TABLE authx.request_authorization ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.authorization_record ) CREATE TABLE authx.request_user ( id UUID PRIMARY KEY request_id UUID NOT NULL REFERENCES authx.request, record_id UUID NOT NULL REFERENCES authx.user_record ) ```

---

The real challenge here is the volume of requests in access logs. Currently, we keep this kind of information (and much, much more) in systems designed specifically for this purpose (either ELK or Stackdriver, depending on the system).

A better approach may be to simply provide tools and/or guidance on how to effectively use structured logging tools with AuthX to accomplish the goals here.

[mike-marcacci]

The main driver of this feature was solved by #72. This issue_does describe some additional functionality that is usually accomplished via logging in the actual implementing app, which could be reintroduced as a new ticket if the needed.