feat(udt-011): T400.10 — inject TimeProvider into all Application handlers

All command handlers that call domain mutators now inject TimeProvider
via constructor and use _timeProvider.GetUtcNow().UtcDateTime as the
explicit 'now' argument. Replaces previous direct DateTime.UtcNow usage.

src/api/SIGCM2.Application/Auth/Logout/LogoutCommandHandler.cs

@@ -8,18 +8,24 @@ public sealed class LogoutCommandHandler : ICommandHandler<LogoutCommand, Logout
 {
     private readonly IRefreshTokenRepository _refreshRepo;
     private readonly ISecurityEventLogger _security;
+    private readonly TimeProvider _timeProvider;
 
-    public LogoutCommandHandler(IRefreshTokenRepository refreshRepo, ISecurityEventLogger security)
+    public LogoutCommandHandler(
+        IRefreshTokenRepository refreshRepo,
+        ISecurityEventLogger security,
+        TimeProvider timeProvider)
     {
         _refreshRepo = refreshRepo;
         _security = security;
+        _timeProvider = timeProvider;
     }
 
     public async Task<LogoutResponseDto> Handle(LogoutCommand command)
     {
         // Revoke all active tokens for the user across all families.
         // Idempotent: 0 rows affected is not an error.
-        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, DateTime.UtcNow);
+        var now = _timeProvider.GetUtcNow().UtcDateTime;
+        await _refreshRepo.RevokeAllActiveForUserAsync(command.UsuarioId, now);
         await _security.LogAsync("logout", "success", actorUserId: command.UsuarioId);
         return new LogoutResponseDto(true, "Sesión cerrada correctamente");
     }