fix: Remove broken AuditLogModel call in upload_attachment.php

The AuditLogModel was being instantiated without required $conn parameter
when logging CSRF failures, causing a 500 error.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

api/upload_attachment.php

@@ -60,9 +60,6 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
 // Verify CSRF token
 $csrfToken = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
 if (!CsrfMiddleware::validateToken($csrfToken)) {
-    require_once dirname(__DIR__) . '/models/AuditLogModel.php';
-    $auditLog = new AuditLogModel();
-    $auditLog->logCsrfFailure($_SESSION['user']['user_id'] ?? null, 'upload_attachment');
     ResponseHelper::forbidden('Invalid CSRF token');
 }