feat(udt-011): T400.30 — inject TimeProvider into Infrastructure critical services

AuditLogger, SecurityEventLogger: inject TimeProvider and use
_timeProvider.GetUtcNow().UtcDateTime for occurredAt timestamps.
JwtService: inject TimeProvider; use GetUtcNow() for token IssuedAt/Expires.
DI: update JwtService factory to pass sp.GetRequiredService<TimeProvider>().
Repositories: remove ?? DateTime.UtcNow fallback in UpdateAsync since callers
always provide FechaModificacion via domain mutators.

src/api/SIGCM2.Infrastructure/Security/JwtService.cs

@@ -11,11 +11,13 @@ public sealed class JwtService : IJwtService
 {
     private readonly RSA _rsa;
     private readonly JwtOptions _options;
+    private readonly TimeProvider _timeProvider;
 
-    public JwtService(RSA rsa, JwtOptions options)
+    public JwtService(RSA rsa, JwtOptions options, TimeProvider timeProvider)
     {
         _rsa = rsa;
         _options = options;
+        _timeProvider = timeProvider;
     }
 
     /// <inheritdoc/>
@@ -62,7 +64,7 @@ public sealed class JwtService : IJwtService
             new("rol", usuario.Rol),
         };
 
-        var now = DateTime.UtcNow;
+        var now = _timeProvider.GetUtcNow().UtcDateTime;
         var descriptor = new SecurityTokenDescriptor
         {
             Subject = new ClaimsIdentity(claims),