feat: Implement Logstash audit exporter (#162)

* feat: Implement Logstash audit exporter

Add LogstashExporter implementation that sends audit events to Logstash via TCP using JSON Lines protocol.

Key features:
- TCP connection with automatic reconnection on failure
- JSON Lines protocol (newline-delimited JSON)
- Batch support for efficient event transmission
- Connection timeout handling (10 seconds)
- Comprehensive test coverage

Implementation details:
- Create src/server/audit/logstash.rs with LogstashExporter struct
- Wire up LogstashExporter in AuditManager
- Implement AuditExporter trait methods: export, export_batch, flush, close
- Add 9 unit tests covering all functionality including edge cases

Resolves #137

* fix: Address security issues in Logstash audit exporter

* docs: Update architecture documentation for Logstash exporter

Mark LogstashExporter as implemented (no longer "planned") and add
documentation with usage example.

Author: inureyes

ARCHITECTURE.md

@@ -307,6 +307,14 @@ let exporter = FileExporter::new(Path::new("/var/log/audit.log"))?
   - Graceful shutdown and flush methods
   - TLS support for secure audit data transmission
 
+- **LogstashExporter**: Logstash exporter for ELK stack integration
+  - TCP connection with JSON Lines protocol (newline-delimited JSON)
+  - Optional TLS encryption for secure transmission
+  - Automatic reconnection on connection failure
+  - Batch support for efficient event transmission
+  - Connection timeout handling (default: 10 seconds)
+  - Configurable host and port
+
 **OtelExporter Usage**:
 ```rust
 use bssh::server::audit::otel::OtelExporter;
@@ -328,8 +336,27 @@ exporter.export(event).await?;
 exporter.close().await?;
 ```
 
-**Future Exporters** (planned):
-- Logstash exporter for centralized logging
+**LogstashExporter Usage**:
+```rust
+use bssh::server::audit::logstash::LogstashExporter;
+use bssh::server::audit::exporter::AuditExporter;
+use bssh::server::audit::event::{AuditEvent, EventType};
+
+// Create exporter (unencrypted by default)
+let exporter = LogstashExporter::new("logstash.example.com", 5044)?
+    .with_tls(true);  // Enable TLS for production
+
+// Export an audit event
+let event = AuditEvent::new(
+    EventType::AuthSuccess,
+    "alice".to_string(),
+    "session-123".to_string(),
+);
+exporter.export(event).await?;
+
+// Graceful shutdown
+exporter.close().await?;
+```
 
 ### Server CLI Binary
 **Binary**: `bssh-server`

Cargo.lock

@@ -73,6 +73,8 @@ opentelemetry = "0.21"
 opentelemetry_sdk = { version = "0.21", features = ["rt-tokio", "logs"] }
 opentelemetry-otlp = { version = "0.14", features = ["grpc-tonic", "logs"] }
 url = "2.5"
+tokio-rustls = "0.26"
+rustls-native-certs = "0.8"
 
 [target.'cfg(target_os = "macos")'.dependencies]
 security-framework = "3.5.1"