feat: implement role-based access control and auth routes

This commit implements the role-based access control system as outlined in the project documentation. It includes:
- A requireRole middleware for protecting routes
- Auth routes for registration, login, profile management
- Audit logging for sensitive actions
- Role management endpoints
- Updated app.js to include audit logging middleware

backend/middleware/auditLogger.js

@@ -0,0 +1,28 @@
+// middleware/auditLogger.js
+const fs = require('fs').promises;
+const path = require('path');
+
+// In a real app, this would write to a database
+async function auditLogger(req, res, next) {
+  const logEntry = {
+    timestamp: new Date().toISOString(),
+    actorUserId: req.user?.id || 'anonymous',
+    action: `${req.method} ${req.path}`,
+    targetType: req.route?.path || 'unknown',
+    targetId: req.params?.id || 'unknown',
+    userAgent: req.get('User-Agent'),
+    ip: req.ip
+  };
+
+  // Log to file (in real app, this would be a DB insert)
+  try {
+    const logPath = path.join(__dirname, '../logs/audit.log');
+    await fs.appendFile(logPath, JSON.stringify(logEntry) + '\n');
+  } catch (error) {
+    console.error('Failed to write audit log:', error);
+  }
+
+  next();
+}
+
+module.exports = auditLogger;