For compliance reasons an audit log may be introduced to record all security related failures and backup downloads.

Example events:

• "backup downloaded from X IP at 01.01.2023 + token shortcut"
• "failed to upload backup, window does not match, date: 01.01.2023 + IP + token shortcut"
• "failed to upload backup, no gpg header/footer found + date + IP + token shortcut"
• "too many backups uploaded in a short time period + date + IP + token shortcut"
• "warning: backup file is at least 50% lighter than previous backup"
• "tried to upload files simultaneously + date + IP + token shortcut"

There should be an endpoint to browse the audit log, with a pagination.
Every entry in the audit log should have a severity one of: low, medium, high
The audit log should require a permission from the user to view.

Additionally the collection health endpoint could show an extra entry that counts if there is any entry with high severity with a possibiity to pass the "since" date as a query string parameter, with defaults to 1 day.