feat: program management

- ProgramController: full CRUD, publish, close, delete (guarded if attendance exists)
- StoreProgramRequest + UpdateProgramRequest with Malay attribute names
- AuditLogService: logs admin actions, redacts sensitive fields (no_kp, token, password)
- Program index: search, status filter, pagination (Bootstrap 5)
- Program create/edit: shared _form partial with all fields (dates, sessions, walk-in toggle)
- Program show: tab layout (participants, qr, template, questionnaire, statistics)
- Bootstrap 5 pagination via Paginator::useBootstrapFive()

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/Services/AuditLogService.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Services;
+
+use App\Models\AuditLog;
+use Illuminate\Database\Eloquent\Model;
+
+class AuditLogService
+{
+    public static function log(
+        string $action,
+        ?Model $model = null,
+        array $oldValues = [],
+        array $newValues = []
+    ): void {
+        try {
+            AuditLog::create([
+                'user_id'        => auth()->id(),
+                'action'         => $action,
+                'auditable_type' => $model ? get_class($model) : null,
+                'auditable_id'   => $model?->getKey(),
+                'old_values'     => self::redact($oldValues),
+                'new_values'     => self::redact($newValues),
+                'ip_address'     => request()->ip(),
+                'user_agent'     => substr(request()->userAgent() ?? '', 0, 500),
+            ]);
+        } catch (\Throwable) {
+            // Audit log failure must not break the main flow.
+        }
+    }
+
+    private static function redact(array $values): array
+    {
+        // Never log these sensitive fields.
+        $sensitive = ['no_kp', 'password', 'token', 'remember_token'];
+
+        return array_diff_key($values, array_flip($sensitive));
+    }
+}