[keycloak-dev] Update on audit

Stian Thorgersen stian at redhat.com
Mon Mar 31 12:52:54 EDT 2014


Work completed:

* Added AuditListener SPI (https://github.com/keycloak/keycloak/blob/master/audit/api/src/main/java/org/keycloak/audit/AuditListener.java)
* Added JBoss Logging AuditListener implementation (this is used by default for all realms atm)
* Added audit events for token service, social, account management and required actions

Remaining work:

* Add an AuditProvider SPI (extends AuditListener to add querying for events)
* Add implementations of AuditProvider - atm I'm thinking JPA and Mongo providers as a sensible starting point (with an option to remove events after N days). I've considered parsing logs, but I'm pretty sure that won't work for account management (and will also be quite limiting for the admin console)
* Allow configuring audit listeners/providers for a realm through the admin console
* View events associated with a user in account management
* View all events in the admin console
* Audit events for admin

Related:

* AuditListener/Provider could be useful for brute force protection
* AuditListener could be used to allow applications to listen for user creation/update/deletion to sync user details into a separate database / maybe we could add a UserListener interface?

