feat(postgres): migrate all route files from SQLite to pg pool

- All 16 route files now import pool from ../db directly
- Removed db parameter from all factory functions
- All callbacks replaced with async/await pool.query()
- All ? placeholders converted to $1, $2... numbered params
- datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING
- LIKE → ILIKE for case-insensitive searches
- Error detection: err.code === '23505' for unique violations
- server.js no longer passes pool/db/requireAuth to route factories
- Only ivantiFindings.js still receives pool (pending task 8 rewrite)

backend/helpers/auditLog.js

@@ -1,21 +1,19 @@
 // Audit Log Helper
 // Fire-and-forget insert - never blocks the response
+const pool = require('../db');
 
-function logAudit(db, { userId, username, action, entityType, entityId, details, ipAddress }) {
+function logAudit({ userId, username, action, entityType, entityId, details, ipAddress }) {
     const detailsStr = details && typeof details === 'object'
         ? JSON.stringify(details)
         : details || null;
 
-    db.run(
+    pool.query(
         `INSERT INTO audit_logs (user_id, username, action, entity_type, entity_id, details, ip_address)
-         VALUES (?, ?, ?, ?, ?, ?, ?)`,
-        [userId || null, username || 'unknown', action, entityType, entityId || null, detailsStr, ipAddress || null],
-        (err) => {
-            if (err) {
-                console.error('Audit log error:', err.message);
-            }
-        }
-    );
+         VALUES ($1, $2, $3, $4, $5, $6, $7)`,
+        [userId || null, username || 'unknown', action, entityType, entityId || null, detailsStr, ipAddress || null]
+    ).catch((err) => {
+        console.error('Audit log error:', err.message);
+    });
 }
 
 module.exports = logAudit;