fix(audit): populate user_name in createAuditTrailEntry

The migration (Version1Date20260423100000) relaxed NOT NULL on
`user_name` so referential-integrity rows can land without a
displayable actor. The risk: the relax applies unconditionally, so
any future code path that forgets to set `user_name` for a normal
create/update silently inserts a row with no human-readable trace
of the actor.

`createAuditTrailEntry()` (used by ImportService and downstream
consumers) was such a path — it set `user`, but never `user_name`.
Backfill from `$user->getDisplayName()` when a session user is
present, fall back to `'System'` (matches the convention in
`createAuditTrail()`).

A migration-level CHECK constraint (`(user_name IS NOT NULL) OR
(action LIKE 'referential_integrity.%')`) is the more durable
answer; this fix is the in-mapper backstop.

Refs: #1419 review (concern 9) — discussion_r3187494503

Author: rubenvdlinde

lib/Db/AuditTrailMapper.php

@@ -1505,6 +1505,16 @@ public function createAuditTrailEntry(
         $auditTrail->setAction($action);
         $auditTrail->setChanged($context);
         $auditTrail->setUser($userId);
+
+        // SECURITY / AVG: keep `user_name` populated even though the
+        // migration (Version1Date20260423100000) relaxed NOT NULL on
+        // the column to support referential-integrity rows that have
+        // no displayable actor. Without this default, every audit row
+        // produced through this entry point would persist with a NULL
+        // `user_name` — undermining GDPR Art 30 §4 supervisor review.
+        $userName = $user !== null ? $user->getDisplayName() : 'System';
+        $auditTrail->setUserName($userName);
+
         $auditTrail->setCreated(new DateTime());
 
         return $this->insert(entity: $auditTrail);