Admin viewing the audit/analytics dashboards hits /api/v1/admin/* which the
request-audit middleware logged as api_request — polluting top_paths and
activity counts with the dashboards' own traffic. Skip api_request for admin
paths; keep login (admin sign-in from an IP is still valid audit).