chore(schema): add Token.revokedAt for surgical token revocation (#11)

Pre-requisite for the live-policy auth rewrite in #11. The new
revoke_token admin RPC needs a way to mark a single Token as
revoked without nuking the whole KeyUser (revoke_user) or
conflating with future expiry cleanup (deletedAt).

Nullable DateTime — existing rows default to NULL (active), no
data migration needed.

refs: #11

prisma/schema.prisma

@@ -110,6 +110,7 @@ model Token {
   deletedAt  DateTime?
   expiresAt  DateTime?
   redeemedAt DateTime?
+  revokedAt  DateTime?
   keyUserId  Int?
   policyId   Int?
   policy     Policy?   @relation(fields: [policyId], references: [id])