fix: retention_handlers.go — getSession/audlog.Log-Signatur korrigiert

Ersetzt nicht-existente getSession(r) durch sessionFromCtx(r.Context()) und
passt den audlog.Log-Aufruf auf die korrekte audit.Entry-Struct-Signatur an.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/api/retention_handlers.go

@@ -2,8 +2,11 @@ package api
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"strconv"
+
+	"github.com/archivmail/internal/audit"
 )
 
 // handlePurge deletes all mails whose retention period has expired.
@@ -56,11 +59,14 @@ func (s *Server) handleSetTenantRetention(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	sess := getSession(r)
+	sess := sessionFromCtx(r.Context())
 	if s.audlog != nil {
-		_ = s.audlog.Log(r.Context(), sess.UserID, "tenant_retention_changed", map[string]interface{}{
-			"tenant_id":     tenantID,
-			"retention_days": body.RetentionDays,
+		s.audlog.Log(audit.Entry{
+			EventType: "tenant_retention_changed",
+			Username:  sess.Username,
+			IPAddress: s.remoteIP(r),
+			Success:   true,
+			Detail:    fmt.Sprintf("tenant_id=%d retention_days=%d", tenantID, body.RetentionDays),
 		})
 	}