fix(api): wrap audit log writes inside their parent transactions

Prevents mutations from committing without an audit trail if the
auditLog.create call fails after the main write already succeeded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

packages/api/src/__tests__/assistant-tools-estimate-test-helpers.ts

@@ -21,8 +21,10 @@ export function createToolContext(
   },
 ): ToolContext {
   const userRole = options?.userRole ?? SystemRole.ADMIN;
+  const mergedDb: Record<string, unknown> = { ...db };
+  mergedDb["$transaction"] = vi.fn(async (fn: (tx: unknown) => unknown) => fn(mergedDb));
   return {
-    db: db as ToolContext["db"],
+    db: mergedDb as ToolContext["db"],
     userId: "user_1",
     userRole,
     permissions: new Set(options?.permissions ?? []),