docs(audit) : documente trusted_proxies pour l'IP du journal

config/packages/framework.yaml

@@ -5,6 +5,14 @@ framework:
     # Note that the session will be started ONLY if you read or write from it.
     session: true
 
+    # Trusted proxies — REQUIRED for a correct client IP in the activity log
+    # when SIRH runs behind a reverse proxy (nginx / traefik / cloud LB).
+    # Without this, Request::getClientIp() returns the PROXY ip, not the client's.
+    # Uncomment and set to the proxy network/CIDR of your deployment, e.g.:
+    #   trusted_proxies: '127.0.0.1,REMOTE_ADDR,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
+    #   trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
+    # trusted_proxies: '%env(TRUSTED_PROXIES)%'
+
     #esi: true
     #fragments: true