server: populate audit UserID on credential mutations + slog prune push errors

Switch handleSetHostCredentials, handleSetAdminCredentials, and
handleDeleteAdminCredentials from authedUser (bool) to requireUser
(*store.User) so AuditEntry.UserID and Actor are populated correctly.
Add slog.Warn on the non-ErrNotFound pushAdminCredsToAgent path in
handleRunRepoPrune so decrypt/send failures surface in the server log
rather than appearing as a generic host_offline 503.

internal/server/http/host_credentials_test.go

@@ -262,11 +262,12 @@ func TestAdminCredsPushOnSet(t *testing.T) {
 }
 
 // TestDeleteAdminCredentialsAuditLogged checks that DELETE appends an
-// audit row with action='host.admin_credentials_deleted'.
+// audit row with action='host.admin_credentials_deleted' and that the
+// row carries the acting user's ID.
 func TestDeleteAdminCredentialsAuditLogged(t *testing.T) {
 	t.Parallel()
 	_, url, st := newTestServerWithHub(t)
-	cookie := loginAsAdmin(t, st)
+	cookie, userID := loginAsAdminWithID(t, st)
 	hostID := makeHost(t, st, "audit-del-host")
 
 	ctx := context.Background()
@@ -287,9 +288,10 @@ func TestDeleteAdminCredentialsAuditLogged(t *testing.T) {
 		t.Fatalf("delete: want 204, got %d", status)
 	}
 
-	// Query audit_log for the host.
+	// Query audit_log for the delete row — action, user_id.
 	rows, err := st.DB().QueryContext(ctx,
-		`SELECT action FROM audit_log WHERE target_id = ? AND target_kind = 'host'`, hostID)
+		`SELECT action, user_id FROM audit_log WHERE target_id = ? AND target_kind = 'host' AND action = 'host.admin_credentials_deleted'`,
+		hostID)
 	if err != nil {
 		t.Fatalf("query audit: %v", err)
 	}
@@ -298,11 +300,15 @@ func TestDeleteAdminCredentialsAuditLogged(t *testing.T) {
 	found := false
 	for rows.Next() {
 		var action string
-		if err := rows.Scan(&action); err != nil {
+		var gotUserID *string
+		if err := rows.Scan(&action, &gotUserID); err != nil {
 			t.Fatalf("scan: %v", err)
 		}
-		if action == "host.admin_credentials_deleted" {
-			found = true
+		found = true
+		if gotUserID == nil {
+			t.Error("audit row: user_id is NULL, want non-nil")
+		} else if *gotUserID != userID {
+			t.Errorf("audit row: user_id=%q, want %q", *gotUserID, userID)
 		}
 	}
 	if err := rows.Err(); err != nil {
@@ -312,3 +318,53 @@ func TestDeleteAdminCredentialsAuditLogged(t *testing.T) {
 		t.Error("audit row with action='host.admin_credentials_deleted' not found")
 	}
 }
+
+// TestSetAdminCredentialsAuditCarriesUserID checks that PUT
+// /api/hosts/{id}/admin-credentials appends an audit row with the
+// correct action and a non-nil UserID matching the acting session.
+func TestSetAdminCredentialsAuditCarriesUserID(t *testing.T) {
+	t.Parallel()
+	_, url, st := newTestServerWithHub(t)
+	cookie, userID := loginAsAdminWithID(t, st)
+	hostID := makeHost(t, st, "audit-set-admin-host")
+
+	ctx := context.Background()
+
+	status, body := doJSON(t, url, "PUT", "/api/hosts/"+hostID+"/admin-credentials",
+		map[string]any{
+			"repo_url":      "rest:http://admin.example/h",
+			"repo_password": "s3cr3t",
+		}, cookie)
+	if status != 204 {
+		t.Fatalf("set: want 204, got %d body=%+v", status, body)
+	}
+
+	rows, err := st.DB().QueryContext(ctx,
+		`SELECT action, user_id FROM audit_log WHERE target_id = ? AND target_kind = 'host' AND action = 'host.admin_credentials_set'`,
+		hostID)
+	if err != nil {
+		t.Fatalf("query audit: %v", err)
+	}
+	defer rows.Close()
+
+	found := false
+	for rows.Next() {
+		var action string
+		var gotUserID *string
+		if err := rows.Scan(&action, &gotUserID); err != nil {
+			t.Fatalf("scan: %v", err)
+		}
+		found = true
+		if gotUserID == nil {
+			t.Error("audit row: user_id is NULL, want non-nil")
+		} else if *gotUserID != userID {
+			t.Errorf("audit row: user_id=%q, want %q", *gotUserID, userID)
+		}
+	}
+	if err := rows.Err(); err != nil {
+		t.Fatalf("rows: %v", err)
+	}
+	if !found {
+		t.Error("audit row with action='host.admin_credentials_set' not found")
+	}
+}