feat: 新增补丁管理和异常检测插件及相关功能

feat(protocol): 添加补丁管理和行为指标协议类型
feat(client): 实现补丁管理插件采集功能
feat(server): 添加补丁管理和异常检测API
feat(database): 新增补丁状态和异常检测相关表
feat(web): 添加补丁管理和异常检测前端页面
fix(security): 增强输入验证和防注入保护
refactor(auth): 重构认证检查逻辑
perf(service): 优化Windows服务恢复策略
style: 统一健康评分显示样式
docs: 更新知识库文档

crates/server/src/api/usb.rs

@@ -66,7 +66,7 @@ pub async fn list_policies(
 ) -> Json<ApiResponse<serde_json::Value>> {
     let rows = sqlx::query(
         "SELECT id, name, policy_type, target_group, rules, enabled, created_at, updated_at
-         FROM usb_policies ORDER BY created_at DESC"
+         FROM usb_policies ORDER BY created_at DESC LIMIT 500"
     )
     .fetch_all(&state.db)
     .await;
@@ -106,6 +106,11 @@ pub async fn create_policy(
 ) -> (StatusCode, Json<ApiResponse<serde_json::Value>>) {
     let enabled = body.enabled.unwrap_or(1);
 
+    // Input validation
+    if body.name.trim().is_empty() || body.name.len() > 100 {
+        return (StatusCode::BAD_REQUEST, Json(ApiResponse::error("name must be 1-100 chars")));
+    }
+
     let result = sqlx::query(
         "INSERT INTO usb_policies (name, policy_type, target_group, rules, enabled) VALUES (?, ?, ?, ?, ?)"
     )