fix(audit): escape LIKE wildcards in audit log search query

Escape %, _, and \ characters in the search parameter before embedding
in the LIKE pattern to prevent unintended broad matches.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/v1/audit-logs/query.ts

@@ -45,7 +45,8 @@ export function buildFilterConditions(params: AuditLogFilterParams): SQL<unknown
   if (params.actorEmail) conditions.push(eq(auditLog.actorEmail, params.actorEmail))
 
   if (params.search) {
-    const searchTerm = `%${params.search}%`
+    const escaped = params.search.replace(/[%_\\]/g, '\\$&')
+    const searchTerm = `%${escaped}%`
     conditions.push(
       or(
         ilike(auditLog.action, searchTerm),