feat(siteruntime): ExternalSystem.Call emits Audit Log #23 event on every sync call

Wraps IExternalSystemClient.CallAsync inside ScriptRuntimeContext's
ExternalSystemHelper so every script-initiated ExternalSystem.Call
produces exactly one ApiOutbound/ApiCall AuditEvent via IAuditWriter.

- Captures duration with Stopwatch.GetTimestamp() around the call.
- Builds the audit event with full provenance (SiteId, InstanceId,
  SourceScript) and a fresh EventId; ForwardState=Pending.
- Maps Success → AuditStatus.Delivered, Failure (or thrown) → Failed;
  parses HTTP {code} out of the ExternalSystemClient's error message
  to populate HttpStatus.
- Audit emission is fully best-effort: event-build failures, sync
  WriteAsync throws, AND async WriteAsync faults are all logged at
  Warning and swallowed so the script's call path is never aborted
  by an audit-write failure (alog.md §7).
- Original ExternalCallResult or original exception flows back to the
  caller unchanged.

ScriptExecutionActor resolves IAuditWriter from DI and threads it
into ScriptRuntimeContext alongside the existing site identity.

Adds ExternalSystemCallAuditEmissionTests covering: success →
Delivered, HTTP 500 → Failed+httpStatus, HTTP 400 → Failed+httpStatus,
client-thrown network exception → Failed with original exception
re-thrown, audit-writer throw → original result returned, provenance
populated from context, DurationMs recorded.

Refs Audit Log #23 M2 Bundle F.

src/ScadaLink.SiteRuntime/Actors/ScriptExecutionActor.cs

@@ -101,6 +101,10 @@ public class ScriptExecutionActor : ReceiveActor
                 // provider supplies the site id stamped on enqueued notifications.
                 StoreAndForwardService? storeAndForward = null;
                 var siteId = string.Empty;
+                // Audit Log #23 (M2 Bundle F): the writer is a singleton (FallbackAuditWriter
+                // composes the SQLite hot-path + drop-oldest ring); null in tests / hosts
+                // that haven't called AddAuditLog, which the helper handles as a no-op.
+                IAuditWriter? auditWriter = null;
 
                 if (serviceProvider != null)
                 {
@@ -110,6 +114,7 @@ public class ScriptExecutionActor : ReceiveActor
                     storeAndForward = serviceScope.ServiceProvider.GetService<StoreAndForwardService>();
                     siteId = serviceScope.ServiceProvider.GetService<ISiteIdentityProvider>()?.SiteId
                         ?? string.Empty;
+                    auditWriter = serviceScope.ServiceProvider.GetService<IAuditWriter>();
                 }
 
                 var context = new ScriptRuntimeContext(
@@ -128,7 +133,12 @@ public class ScriptExecutionActor : ReceiveActor
                     siteId,
                     // Notification Outbox (FU3): stamp the executing script onto outbound
                     // notifications using the Site Event Logging "Source" convention.
-                    sourceScript: $"ScriptActor:{scriptName}");
+                    sourceScript: $"ScriptActor:{scriptName}",
+                    // Audit Log #23 (M2 Bundle F): emit one ApiOutbound/ApiCall row per
+                    // ExternalSystem.Call. Writer is best-effort; failures are logged
+                    // and swallowed inside the helper so the script's call path is
+                    // never aborted by an audit failure.
+                    auditWriter: auditWriter);
 
                 var globals = new ScriptGlobals
                 {