Default Cairnloop.Auditor implementation backed by the governance audit trail.
list_events/1 surfaces the durable Cairnloop.Governance.ToolActionEvent rows that
the governed-action pipeline writes (every proposal/approval/execution transition),
read through the narrow Cairnloop.Governance facade (D-30). This makes the operator
Audit Log non-empty out of the box without the host having to wire its own auditor.
Events are normalized to the plain-map shape the audit surface expects:
%{inserted_at:, actor_id:, action:, reason:, metadata:}. action carries the
ToolActionEvent.event_type atom; Cairnloop.Web.AuditLogPresenter humanizes it.
audit/4 is a pass-through: governance co-commits its own ToolActionEvent rows, so
this auditor never needs to inject additional multi operations. Hosts that want their
own durable audit log alongside governance can configure a custom :auditor instead.