feat: add community enhancements — password reset, audit logs, multi-source backup

Three community-requested features:

1. CLI password reset: `backupx reset-password --username admin --password xxx`
   Docker users can run via `docker exec`. No full app init needed.

2. Audit logging: async fire-and-forget audit trail for all key operations
   (login, CRUD on tasks/targets/records, settings changes).
   New UI page at /audit with category filter and pagination.

3. Multi-source path backup: file backup tasks now support multiple source
   directories packed into a single tar archive. Backward compatible with
   existing single sourcePath field.

server/internal/app/app.go

@@ -95,6 +95,14 @@ func New(ctx context.Context, cfg config.Config, version string) (*Application,
 	dashboardService := service.NewDashboardService(backupTaskRepo, backupRecordRepo, storageTargetRepo)
 	settingsService := service.NewSettingsService(systemConfigRepo)
 
+	// Audit
+	auditLogRepo := repository.NewAuditLogRepository(db)
+	auditService := service.NewAuditService(auditLogRepo)
+	authService.SetAuditService(auditService)
+
+	// Database discovery
+	databaseDiscoveryService := service.NewDatabaseDiscoveryService(backup.NewOSCommandExecutor())
+
 	// Cluster: Node management
 	nodeRepo := repository.NewNodeRepository(db)
 	nodeService := service.NewNodeService(nodeRepo)
@@ -115,8 +123,10 @@ func New(ctx context.Context, cfg config.Config, version string) (*Application,
 		NotificationService:    notificationService,
 		DashboardService:       dashboardService,
 		SettingsService:        settingsService,
-		NodeService:            nodeService,
-		JWTManager:             jwtManager,
+		NodeService:              nodeService,
+		DatabaseDiscoveryService: databaseDiscoveryService,
+		AuditService:            auditService,
+		JWTManager:               jwtManager,
 		UserRepository:         userRepo,
 		SystemConfigRepo:       systemConfigRepo,
 	})