fix: address Phase 1-2 audit findings

- CORS: replace permissive() with configurable whitelist (default.toml)
- Auth store: synchronously restore state at creation to eliminate
  flash-of-login-page on refresh
- MainLayout: menu highlight now tracks current route via useLocation
- Add extractErrorMessage() utility to reduce repeated error parsing
- Fix all clippy warnings across 4 crates (erp-auth, erp-config,
  erp-workflow, erp-message): remove unnecessary casts, use div_ceil,
  collapse nested ifs, reduce function arguments with DTOs

crates/erp-message/src/handler/message_handler.rs

@@ -30,7 +30,7 @@ where
 
     let (messages, total) = MessageService::list(ctx.tenant_id, ctx.user_id, &query, db).await?;
 
-    let total_pages = (total + page_size - 1) / page_size;
+    let total_pages = total.div_ceil(page_size);
     Ok(Json(ApiResponse::ok(PaginatedResponse {
         data: messages,
         total,

crates/erp-message/src/handler/template_handler.rs

@@ -36,7 +36,7 @@ where
     let (templates, total) =
         TemplateService::list(ctx.tenant_id, page, page_size, &_state.db).await?;
 
-    let total_pages = (total + page_size - 1) / page_size;
+    let total_pages = total.div_ceil(page_size);
     Ok(Json(ApiResponse::ok(PaginatedResponse {
         data: templates,
         total,

crates/erp-message/src/module.rs

@@ -62,8 +62,6 @@ impl MessageModule {
     ///
     /// 在 main.rs 中调用，因为需要 db 连接。
     pub fn start_event_listener(db: sea_orm::DatabaseConnection, event_bus: EventBus) {
-        use sea_orm::ConnectionTrait;
-
         let mut rx = event_bus.subscribe();
         tokio::spawn(async move {
             loop {

crates/erp-message/src/service/message_service.rs

@@ -46,7 +46,7 @@ impl MessageService {
             .await
             .map_err(|e| MessageError::Validation(e.to_string()))?;
 
-        let page_index = query.page.unwrap_or(1).saturating_sub(1) as u64;
+        let page_index = query.page.unwrap_or(1).saturating_sub(1);
         let models = paginator
             .fetch_page(page_index)
             .await
@@ -132,6 +132,7 @@ impl MessageService {
     }
 
     /// 系统发送消息（由事件处理器调用）。
+    #[allow(clippy::too_many_arguments)]
     pub async fn send_system(
         tenant_id: Uuid,
         recipient_id: Uuid,