Copilot AI commented Nov 20, 2025

Implements API to query enforcement journals with automatic privacy filtering based on guild membership and privilege levels. Addresses requirement to expose enforcement records while protecting moderator PII across guild boundaries.

Implementation

  • RPC endpoint enforcement/journal/query accepts user_id and optional group_ids[]
  • Guild-scoped access: Returns only entries for guilds where requester is a member
  • Privilege-based redaction: Hides enforcer_user_id, enforcer_discord_id, and notes fields unless requester has auditor role in that specific guild
  • Per-guild privilege checks: Same requester can be auditor in Guild A (sees all fields) and member in Guild B (sees only public fields)

API

Request:

{
  "user_id": "target-player-id",
  "group_ids": ["guild-a", "guild-b"]  // optional filter
}

Response (auditor view):

{
  "user_id": "target-player-id",
  "entries": [{
    "id": "record-id",
    "group_id": "guild-a",
    "enforcer_user_id": "mod-id",           // only if auditor
    "enforcer_discord_id": "discord-id",    // only if auditor
    "notes": "internal moderator notes",    // only if auditor
    "suspension_notice": "user-facing text",
    "suspension_expiry": "2024-01-20T00:00:00Z",
    "is_voided": false
  }]
}

Privacy Model

  • Entries from guilds requester doesn't belong to: completely excluded
  • Privileged fields in accessible guilds: included only if auditor
  • Void details (voided_by_user_id, void_notes): same privilege rules apply
  • Global operators: see all guilds and all fields

Files

  • evr_runtime_rpc_enforcement.go - RPC implementation with privacy filtering
  • evr_runtime_rpc_enforcement_test.go - 11 test cases covering guild/privilege scenarios
  • ENFORCEMENT_JOURNAL_QUERY_API.md - API documentation with 6 usage examples
  • ENFORCEMENT_JOURNAL_QUERY_SECURITY.md - Security analysis and approval

Original prompt

This section details on the original issue you should resolve

<issue_title>Design and implement enforcement log query interface with fine-grained privacy filters</issue_title>
<issue_description>### Overview
Design and implement an enforcement log query interface capable of providing a filtered view of enforcement journal entries for a specified player and/or set of guilds. This interface must apply access controls and filter entries that do not match the provided guild group IDs or privilege levels.

Requirements

  • Access and present the enforcement journal for a given player, supporting queries by player ID and a set of target guild group IDs (input format must be idiomatic and unambiguous).
  • Filter entries to exclude any that are not within the specified guild group IDs or that fall outside the current user's privilege level.
  • Architect a filtering system for privileged information (e.g., moderator user_id, moderator notes):
    • The moderator_user_id and moderator notes should be present only for entries involving guilds the requester is authorized to view at the moderator privilege level.
    • Entries referencing other guilds must not include moderator notes or PII fields if access is not granted.
  • Define and document the idiomatic format for passing group IDs and privilege levels within the API/query interface.
  • Reference: Remove Discord UserID from Default Suspension Embed Text

Acceptance Criteria

  • The enforcement log query interface returns journal entries limited to the specified player and filterable per-guild and privilege.
  • Fields containing moderator user_id and notes are included or withheld per access policy as described.
  • Interface design and endpoint input schema are documented and idiomatic to the codebase conventions.
  • Security review and privacy implications are considered, including edge cases for guild operator and global operator privilege checks.

Notes

  • Extensible support for future audit/event log types is strongly preferred.
  • Document resulting interface/API and intended usage, including sample queries, expected responses, and failure cases.

Related: #129</issue_description>

Comments on the Issue (you are @copilot in this section)

  • Fixes EchoTools/nakama#152

Copilot AI and others added 3 commits November 20, 2025 01:25
Co-authored-by: thesprockee <962164+thesprockee@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Design and implement enforcement log query interface with filters" to "Add enforcement journal query RPC with guild-scoped privacy filters" Nov 20, 2025
Copilot AI requested a review from thesprockee November 20, 2025 01:35
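
The privacy model from the pull request description above, sketched as an added Go example; it is not the PR's code from evr_runtime_rpc_enforcement.go. The `Entry` struct, `FilterJournal` and the `memberOf` map are assumptions made for illustration, and the sample journal is constructed.

```go
package main

import "fmt"

// Entry mirrors the response fields named in the PR description (hypothetical type).
type Entry struct {
	ID, GroupID, SuspensionNotice            string
	EnforcerUserID, EnforcerDiscordID, Notes string // privileged
	VoidedByUserID, VoidNotes                string // privileged
	IsVoided                                 bool
}

// FilterJournal applies the described model. memberOf holds the requester's
// guilds: a key that is present means membership, a true value means auditor
// in that guild. Non-member guilds are dropped; privileged fields are blanked
// unless the requester audits the entry's own guild. Global operators see all.
func FilterJournal(entries []Entry, memberOf map[string]bool, globalOp bool, groupIDs []string) []Entry {
	wanted := make(map[string]bool, len(groupIDs))
	for _, g := range groupIDs {
		wanted[g] = true
	}
	out := make([]Entry, 0, len(entries))
	for _, e := range entries { // e is a copy, so redaction never mutates the input
		if len(wanted) > 0 && !wanted[e.GroupID] {
			continue // outside the optional group_ids filter
		}
		auditor, member := memberOf[e.GroupID]
		if !globalOp && !member {
			continue // not a member of this guild: entry excluded entirely
		}
		if !globalOp && !auditor {
			e.EnforcerUserID, e.EnforcerDiscordID, e.Notes = "", "", ""
			e.VoidedByUserID, e.VoidNotes = "", ""
		}
		out = append(out, e)
	}
	return out
}

func main() {
	// Constructed sample: requester audits guild-a and is a plain member of guild-b.
	journal := []Entry{
		{ID: "r1", GroupID: "guild-a", EnforcerUserID: "mod-1", Notes: "n1"},
		{ID: "r2", GroupID: "guild-b", EnforcerUserID: "mod-2", Notes: "n2"},
		{ID: "r3", GroupID: "guild-c", EnforcerUserID: "mod-3", Notes: "n3"},
	}
	memberOf := map[string]bool{"guild-a": true, "guild-b": false}
	fmt.Printf("%+v\n", FilterJournal(journal, memberOf, false, nil))
}
```

The privilege check is made per entry against that entry's own guild, so auditor status in one guild never unlocks the privileged fields of another.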