feat(firestore): added scan_logs collection for admin analytics

- writeScanLog writes email, score, mode, fileName to scan_logs/{autoId} after each scan
- updated firestore.rules with write-only scan_logs rule

Author: sunnypatell

firestore.rules

@@ -5,5 +5,10 @@ service cloud.firestore {
     match /users/{userId}/scans/{scanId} {
       allow read, write: if request.auth != null && request.auth.uid == userId;
     }
+
+    // any authenticated user can create a scan log entry (write-only, no reads from client)
+    match /scan_logs/{logId} {
+      allow create: if request.auth != null;
+    }
   }
 }

src/lib/stores/scores.svelte.ts

@@ -10,7 +10,8 @@ import {
 	doc,
 	query,
 	orderBy,
-	limit
+	limit,
+	serverTimestamp
 } from 'firebase/firestore';
 import { db } from '$lib/firebase';
 import { authStore } from './auth.svelte';
@@ -133,6 +134,9 @@ class ScoresStore {
 			const docRef = await addDoc(scansRef, sanitized);
 			console.warn('[scores] saved scan to history:', docRef.id);
 
+			// write to top-level scan_logs for admin visibility
+			this.writeScanLog(sanitized, uid);
+
 			// prune old scans beyond the cap
 			const allScansQuery = query(scansRef, orderBy('timestamp', 'desc'));
 			const allSnap = await getDocs(allScansQuery);
@@ -150,6 +154,25 @@ class ScoresStore {
 		}
 	}
 
+	/** log scan to top-level scan_logs collection for admin browsing */
+	private async writeScanLog(entry: Omit<ScanHistoryEntry, 'id'>, uid: string) {
+		try {
+			const user = authStore.user;
+			await addDoc(collection(db, 'scan_logs'), {
+				uid,
+				email: user?.email ?? null,
+				displayName: user?.displayName ?? null,
+				fileName: entry.fileName ?? null,
+				mode: entry.mode,
+				averageScore: entry.averageScore,
+				passingCount: entry.passingCount,
+				createdAt: serverTimestamp()
+			});
+		} catch {
+			// non-critical, don't break the scan flow
+		}
+	}
+
 	async clearHistory() {
 		if (!browser || !authStore.isAuthenticated || !authStore.user) return;