feat(udt-011): T400.30 — inject TimeProvider into Infrastructure critical services

AuditLogger, SecurityEventLogger: inject TimeProvider and use
_timeProvider.GetUtcNow().UtcDateTime for occurredAt timestamps.
JwtService: inject TimeProvider; use GetUtcNow() for token IssuedAt/Expires.
DI: update JwtService factory to pass sp.GetRequiredService<TimeProvider>().
Repositories: remove ?? DateTime.UtcNow fallback in UpdateAsync since callers
always provide FechaModificacion via domain mutators.

src/api/SIGCM2.Infrastructure/Audit/SecurityEventLogger.cs

@@ -11,15 +11,18 @@ public sealed class SecurityEventLogger : ISecurityEventLogger
     private readonly ISecurityEventRepository _repo;
     private readonly IAuditContext _context;
     private readonly IOptions<AuditOptions> _options;
+    private readonly TimeProvider _timeProvider;
 
     public SecurityEventLogger(
         ISecurityEventRepository repo,
         IAuditContext context,
-        IOptions<AuditOptions> options)
+        IOptions<AuditOptions> options,
+        TimeProvider timeProvider)
     {
         _repo = repo;
         _context = context;
         _options = options;
+        _timeProvider = timeProvider;
     }
 
     public async Task LogAsync(
@@ -37,7 +40,7 @@ public sealed class SecurityEventLogger : ISecurityEventLogger
             : JsonSanitizer.Sanitize(metadata, _options.Value.SanitizedKeys);
 
         await _repo.InsertAsync(
-            occurredAt: DateTime.UtcNow,
+            occurredAt: _timeProvider.GetUtcNow().UtcDateTime,
             actorUserId: actorUserId,
             attemptedUsername: attemptedUsername,
             sessionId: sessionId,