fix(migration): correct app_users → users table references in V46/V47

The AppUser entity is mapped to the 'users' table (not 'app_users').
V46 had a broken REFERENCES clause and hardcoded role in REVOKE; V47 and the
native query in AuditLogQueryRepository had the same wrong table name.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/main/resources/db/migration/V46__add_audit_log.sql

@@ -6,7 +6,7 @@ CREATE TABLE audit_log (
     happened_at TIMESTAMPTZ NOT NULL    DEFAULT now(),
     -- ON DELETE SET NULL is by design: GDPR right-to-erasure. Deleted users' events
     -- retain their timestamp and kind but lose actor attribution.
-    actor_id    UUID        REFERENCES app_users(id) ON DELETE SET NULL,
+    actor_id    UUID        REFERENCES users(id) ON DELETE SET NULL,
     kind        VARCHAR(50) NOT NULL,
     document_id UUID        REFERENCES documents(id) ON DELETE CASCADE,
     payload     JSONB
@@ -19,4 +19,4 @@ CREATE INDEX idx_audit_log_kind        ON audit_log (kind);
 
 -- Enforce append-only at the database layer: the application role may INSERT
 -- but must not UPDATE or DELETE audit rows.
-REVOKE UPDATE, DELETE ON audit_log FROM app_user;
+REVOKE UPDATE, DELETE ON audit_log FROM CURRENT_USER;

backend/src/main/resources/db/migration/V47__add_user_color.sql

@@ -2,7 +2,7 @@
 -- Assigned at application layer (AppUser.java) from a fixed 8-colour palette.
 -- Also corrects V46's REVOKE which hardcoded 'app_user' instead of CURRENT_USER.
 
-ALTER TABLE app_users ADD COLUMN color VARCHAR(20) NOT NULL DEFAULT '';
+ALTER TABLE users ADD COLUMN color VARCHAR(20) NOT NULL DEFAULT '';
 
 -- Fix V46 append-only enforcement for the actual application role.
 REVOKE UPDATE, DELETE ON audit_log FROM CURRENT_USER;