refactor(workspace): pass workspace object instead of id to service methods

- Replace workspace_id parameter with Workspace object reference in all workspace service methods
- Remove redundant find_workspace_by_id calls that were duplicated in each method
- Update all method signatures across approval, audit, billing, branding, core, settings and stats modules
- Modify SQL queries to bind ws.id instead of separate workspace_id parameter
- Add Workspace import to all affected modules
- Adjust method calls in API handlers to pass workspace object instead of id
- Consolidate workspace retrieval logic to single location per operation flow

service/workspace/audit.rs

@@ -2,7 +2,7 @@ use uuid::Uuid;
 
 use crate::error::AppError;
 use crate::models::common::{EventType, JsonValue, Role, TargetType};
-use crate::models::workspaces::WorkspaceAuditLog;
+use crate::models::workspaces::{Workspace, WorkspaceAuditLog};
 use crate::service::WorkspaceService;
 use crate::session::Session;
 
@@ -12,12 +12,11 @@ impl WorkspaceService {
     pub async fn workspace_audit_logs(
         &self,
         ctx: &Session,
-        workspace_id: Uuid,
+        ws: &Workspace,
         limit: i64,
         offset: i64,
     ) -> Result<Vec<WorkspaceAuditLog>, AppError> {
         let user_uid = ctx.user().ok_or(AppError::Unauthorized)?;
-        let ws = self.find_workspace_by_id(workspace_id).await?;
         self.ensure_workspace_role_at_least(user_uid, &ws, Role::Admin)
             .await?;
         let (limit, offset) = clamp_limit_offset(limit, offset);
@@ -26,7 +25,7 @@ impl WorkspaceService {
              ip_address, user_agent, metadata, created_at FROM workspace_audit_log \
              WHERE workspace_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3",
         )
-        .bind(workspace_id)
+        .bind(ws.id)
         .bind(limit)
         .bind(offset)
         .fetch_all(self.ctx.db.reader())