CC4: 3-subagent backend hardening done + CRM audit_log fix

Sub1 (commit eb1b49f): 4 v2 listing/discovery endpoints + SQL fix
Sub2: CRM 4 modula PASS (M7 članarine, M8 liječnički, M9 obrasci, dokumenti partial)
Sub3: ERP 4 modula GREEN — racuni/putni/placanja/xlsx, E2E demo flow (7 steps) PASS

Critical fix this commit:
- erp/audit_helper.py (centralni helper za audit_log writer)
- routers/clanarine_router.py: audit hook na POST /clanarine
- routers/lijecnicki_router.py: audit hook na POST /lijecnicki
- routers/obrasci_router.py: audit hook na POST /submissions + /submit

Verify: prije 0 / poslije 1 audit entry za POST /api/crm/clanarine
   "33|create|api|clan=4946 klub=2320 300.0€"

Outstanding (next round):
- /api/v2/dokumenti plain route shadowing with RAG
- /api/v2/dokumenti/upload missing
- SQL alias bug u pgz_sport_v2_router.py:3099

Reports:
  _audit/audit_CC4_FINAL.md  (konsolidirani)
  _audit/audit_CRM_VERIFIED.md
  _audit/audit_ERP_VERIFIED.md
  _audit/audit_ENDPOINTS_ADDED.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

erp/audit_helper.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+# erp/audit_helper.py — centralni helper za pisanje u pgz_sport.audit_log
+# Author: dradulic@outlook.com — 2026-05-05
+# Description: Lightweight audit_log writer za CRM module i druge routere koji
+#              ne koriste erp/permissions.py.
+import psycopg2
+DB = dict(host="10.10.0.2", port=6432, dbname="rinet_v3", user="rinet",
+          password="R1net2026!SecureDB#v7")
+
+def audit(tablica: str, op: str, record_id, korisnik: str = "anon",
+          field: str = None, old=None, new=None, ip: str = None) -> None:
+    """Sigurno upiši red u pgz_sport.audit_log. Greške se proguta."""
+    try:
+        with psycopg2.connect(**DB) as c:
+            c.autocommit = True
+            c.cursor().execute(
+                """INSERT INTO pgz_sport.audit_log
+                   (tablica, operacija, record_id, korisnik, ip,
+                    promijenjeno_polje, stara_vrijednost, nova_vrijednost)
+                   VALUES (%s,%s,%s,%s,%s,%s,%s,%s)""",
+                (tablica, op, record_id, korisnik or "anon", ip,
+                 field,
+                 None if old is None else str(old)[:500],
+                 None if new is None else str(new)[:500]),
+            )
+    except Exception:
+        pass