docs: update for v1.5.0 features

- Add PKI audit logging, request duration metrics to features list
- Update test count from 216 to 283
- Add audit.py and metrics.py to project structure
- Document audit logging in api.md
- Update TASKLIST.md with completed tasks
- Update TODO.md (remove resolved debt items)
- Update ROADMAP.md decision log

documentation/api.md

@@ -1198,3 +1198,36 @@ curl -H "X-SSL-Client-SHA1: $(openssl x509 -in client.crt -fingerprint -sha1 -no
 
 | Event | Trigger | Details |
 |-------|---------|---------|
+| `cert_issued` | Certificate registration or issuance | Type, CN, fingerprint, expiry |
+| `cert_revoked` | Certificate revocation | Serial, fingerprint |
+| `auth_failure` | Revoked/expired certificate used | Fingerprint, reason |
+
+**Log Format (production):**
+```json
+{
+  "time": "2024-12-24T10:30:00",
+  "level": "INFO",
+  "logger": "app.audit",
+  "event": "cert_issued",
+  "outcome": "success",
+  "client_id": "a1b2c3d4...",
+  "client_ip": "192.168.1.100",
+  "details": {"type": "registration", "common_name": "alice"}
+}
+```
+
+**Notes:**
+- Audit logs are written to stdout in JSON format (production mode)
+- Events include client IP and certificate fingerprint for traceability
+- AUTH_FAILURE events are logged when revoked/expired certificates are used
+  "outcome": "success",
+  "client_id": "a1b2c3d4...",
+  "client_ip": "192.168.1.100",
+  "details": {"type": "registration", "common_name": "alice"}
+}
+```
+
+**Notes:**
+- Audit logs are written to stdout in JSON format (production mode)
+- Events include client IP and certificate fingerprint for traceability
+- AUTH_FAILURE events are logged when revoked/expired certificates are used