Implement audit logging

Description

Implement audit logging as set out in #34 (closed)

Further details

Task list

• Update code to ensure audit logs are written at an INFO level.
• Audit logs should have an identifiable message or an identifiable key in the JSON payload that marks them as audit logs.
  • This is so the logs can be captured separately in GCP by a log sink

Acceptance criteria

• Audit logs are written by the API, and are distinguishable from general logs

Links/references