feat(#149): add export-to-CSV for admin audit log and consistency check

[Ebenezer199914]

• Add lib/csv-export.ts: buildCsv (RFC 4180) and downloadCsv utilities
• Add app/api/admin/audit-log/route.ts: GET endpoint returning all pool activity rows with a consistency check (activity net vs recorded total_saved, tolerance 0.01 XLM)
• Add components/group/admin-audit-log.tsx: admin-only card with date-stamped row list, consistency banner, and Export CSV button
• Wire AdminAuditLog into dashboard/group/[id]/page.tsx (creator only)
• Fix pre-existing merge-conflict corruption in group-actions.tsx (duplicate import block and orphaned JSX close tag removed, interface and function signature unified with creatorAddress + isPaused)
• Add lib/csv-export.test.ts: 11 unit tests (buildCsv + consistency logic)
• Add pnpm test:unit script using tsx --test
• Add .github/workflows/frontend-unit-tests.yml CI workflow

Closes #149

Description

Closes # (issue)

Type of Change

• feat: new feature
• fix: bug fix
• chore: maintenance, tooling, dependencies
• docs: documentation only
• refactor: code restructuring (no functional changes)
• test: adding or updating tests

How Has This Been Tested?

• cargo test passes (smart contracts)
• pnpm build succeeds (frontend)
• pnpm lint passes (frontend)
• Manual testing (describe below)

Checklist

• My code follows the coding conventions of this project
• I have added/updated tests if needed
• I have updated documentation if needed
• My changes generate no new warnings or errors

Screenshots (if applicable)

[Sendi0011]

Really appreciate this — especially the group-actions.tsx fix, that's been a known issue for a while and this resolves it cleanly (verified it parses correctly now). The audit log feature and the new CSV utility are both nicely built too, good test coverage on the utility especially.
Two things before merging, though:

1: The new csv-export.ts utility is only wired up to the audit log — the existing Transactions tab export wasn't touched, and it still has the token-symbol and locale-dependent date issues the original issue was about. Could we point transactions.tsx's export at the new shared utility too, so this fully closes out #149?

2: The audit log API route's own comment notes the creator-check only happens client-side — meaning anyone could call the endpoint directly with any pool ID and get the data back regardless of whether they're the actual creator. Since rate limiting's already wired in here, it'd be a small addition to also verify the requester server-side. Happy to help think through the verification approach if useful.

Once those are in, this is in great shape — and thanks again for catching and fixing the group-actions.tsx issue along the way.

[Sendi0011]

Really appreciate this — especially the group-actions.tsx fix, that's been a known issue for a while and this resolves it cleanly (verified it parses correctly now). The audit log feature and the new CSV utility are both nicely built too, good test coverage on the utility especially. Two things before merging, though:

1: The new csv-export.ts utility is only wired up to the audit log — the existing Transactions tab export wasn't touched, and it still has the token-symbol and locale-dependent date issues the original issue was about. Could we point transactions.tsx's export at the new shared utility too, so this fully closes out #149?

2: The audit log API route's own comment notes the creator-check only happens client-side — meaning anyone could call the endpoint directly with any pool ID and get the data back regardless of whether they're the actual creator. Since rate limiting's already wired in here, it'd be a small addition to also verify the requester server-side. Happy to help think through the verification approach if useful.

Once those are in, this is in great shape — and thanks again for catching and fixing the group-actions.tsx issue along the way.

Merging this since no response for quite a while now. Creating a sub issue around the flags