feat: add last_seen tracking for users

Adds last_seen field to track when users last accessed the tool:
- Add lastSeen column to users table schema (nullable timestamp)
- Create migration to add last_seen column to existing databases
- Add updateLastSeen() function to auth.service.js
- Update auth derive middleware to update last_seen on each authenticated request (async, non-blocking)
- Add lastSeen to admin getUserStats() query for display in admin users table
- Add "Last Seen" column to admin users table in frontend

Co-Authored-By: Claude <noreply@anthropic.com>

src/backend/index.js

@@ -12,6 +12,7 @@ import {
   getUserById,
   updateLoTWCredentials,
   updateDCLCredentials,
+  updateLastSeen,
 } from './services/auth.service.js';
 import {
   getSystemStats,
@@ -207,6 +208,14 @@ const app = new Elysia()
         return { user: null };
       }
 
+      // Update last_seen timestamp asynchronously (don't await)
+      updateLastSeen(payload.userId).catch((err) => {
+        // Silently fail - last_seen update failure shouldn't block requests
+        if (LOG_LEVEL === 'debug') {
+          logger.warn('Failed to update last_seen', { error: err.message });
+        }
+      });
+
       // Check if this is an impersonation token
       const isImpersonation = !!payload.impersonatedBy;