docs: add logging quality audit

[Microck]

Add comprehensive logging audit report identifying gaps and recommendations.

What this PR does:

• Documents current logging infrastructure using the tracing crate
• Catalogs all existing log statements across main.rs, scan.rs, and verdict.rs
• Identifies 7+ critical gaps in observability across scan lifecycle, external service calls, and detector execution
• Provides prioritized recommendations with concrete code examples
• Establishes logging conventions for future development (info/warn/debug/error usage, structured fields, trace correlation)

Key gaps identified:

1. HIGH: No scan lifecycle logging (init, progress, completion, verdict)
2. HIGH: No external service call logging (MalwareBazaar, AI API)
3. MEDIUM: No detector execution summary or YARA scan logging
4. MEDIUM: No profile building or mod metadata extraction logging

Current state:

• Only 11 log statements across 25+ source files
• No logs use scan_id/upload_id for trace correlation
• No performance metrics (timing, duration)
• No debug-level logs for troubleshooting

Recommendations include:

• Scan lifecycle instrumentation with structured fields
• External service request/response logging with timing
• Detector execution summaries by category and severity
• Dedicated logging helpers module for consistency

Nightshift-Task: logging-audit
Nightshift-Ref: https://github.com/marcus/nightshift