feat: systematic functional audit — fix 18 issues across Phase A/B

Phase A (P1 production blockers):
- A1: Apply IP rate limiting to public routes (login/refresh)
- A2: Publish domain events for workflow instance state transitions
  (completed/suspended/resumed/terminated) via outbox pattern
- A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup
- A4: Add GET /api/v1/audit-logs query endpoint with pagination
- A5: Enhance CORS wildcard warning for production environments

Phase B (P2 functional gaps):
- B1: Remove dead erp-common crate (zero references in codebase)
- B2: Refactor 5 settings pages to use typed API modules instead of
  direct client calls; create api/themes.ts; delete dead errors.ts
- B3: Add resume/suspend buttons to InstanceMonitor page
- B4: Remove unused EventHandler trait from erp-core
- B5: Handle task.completed events in message module (send notifications)
- B6: Wire TimeoutChecker as 60s background task
- B7: Auto-skip ServiceTask nodes instead of crashing the process
- B8: Remove empty register_routes() from ErpModule trait and modules

crates/erp-core/src/module.rs

@@ -1,7 +1,6 @@
 use std::any::Any;
 use std::sync::Arc;
 
-use axum::Router;
 use uuid::Uuid;
 
 use crate::error::AppResult;
@@ -24,9 +23,6 @@ pub trait ErpModule: Send + Sync {
         vec![]
     }
 
-    /// 注册 Axum 路由
-    fn register_routes(&self, router: Router) -> Router;
-
     /// 注册事件处理器
     fn register_event_handlers(&self, _bus: &EventBus) {}
 
@@ -68,12 +64,6 @@ impl ModuleRegistry {
         self
     }
 
-    pub fn build_router(&self, base: Router) -> Router {
-        self.modules
-            .iter()
-            .fold(base, |router, m| m.register_routes(router))
-    }
-
     pub fn register_handlers(&self, bus: &EventBus) {
         for module in self.modules.iter() {
             module.register_event_handlers(bus);