ALL-1873 PR-1: Add DATA_AUDIT source type — TS constant + DB migration

## ALL-1873 PR-1: DATA_AUDIT source type **Linear issue:** ALL-1873 — Feature: Data audit entrypoint for Data Review Center **Branch:** `wilbo/all-1873-data-audit-source-type` **Depends on:** nothing (first task) ### What to do 1. **`domains/identity/src/services/staging/sourceTypes.ts`** — add `DATA_AUDIT: "DATA_AUDIT"` to `STAGED_BATCH_SOURCE_TYPES` and `DATA_AUDIT: "Data audit"` to `SOURCE_TYPE_LABELS`. 2. **New Prisma migration** — `domains/identity/prisma/migrations/$(date +%Y%m%d)000000_staged_batch_source_type_data_audit/migration.sql` - Drop the existing `StagedBatch_sourceType_check` constraint (see `20260504000000_staged_batch_source_type_check_constraint/migration.sql` for the current list: BULK_UPLOAD, GIS_EXPORT, MDMS_FEED, API_INTEGRATION, WINDMIL_FLOW) - Re-add it including DATA_AUDIT: ```sql ALTER TABLE "StagedBatch" DROP CONSTRAINT "StagedBatch_sourceType_check"; ALTER TABLE "StagedBatch" ADD CONSTRAINT "StagedBatch_sourceType_check" CHECK ("sourceType" IN (BULK_UPLOAD, GIS_EXPORT, MDMS_FEED, API_INTEGRATION, WINDMIL_FLOW, DATA_AUDIT)); ``` - Run `npx prisma migrate dev --name staged_batch_source_type_data_audit` from `domains/identity/` 3. **`apps/dashboard/components/pages/DataReviewPage.tsx`** — add `{ value: "DATA_AUDIT", label: "Data audit" }` to `SOURCE_TYPE_OPTIONS` array (around line 36). This keeps the frontend filter in sync. ### Acceptance test - TypeScript compiles without errors in `domains/identity` - `STAGED_BATCH_SOURCE_TYPES.DATA_AUDIT` is exported and equals `"DATA_AUDIT"` - Migration SQL file exists and drops/re-creates the check constraint including `DATA_AUDIT` - `SOURCE_TYPE_LABELS["DATA_AUDIT"]` === `"Data audit"` - No existing unit tests broken ### Gotchas - The README at `domains/identity/src/services/staging/README.md` §2 says: ship migration → code, in that order. The migration must land in the same PR so CI runs them together in the test DB. - Do NOT modify any profile registry, scanner, or UI beyond the filter option — that is PR-2 through PR-4 territory. ### Out of scope - Audit runner service, scanner logic, profile registration, DRC UI button (all later PRs)