feat(auth,plugin): Q3 行级数据权限 — user_departments 表 + JWT 注入 department_ids + data_scope 接线

- 新增 user_departments 关联表（migration + entity）
- JWT 中间件查询用户部门并注入 TenantContext.department_ids
- role_permission entity 添加 data_scope 字段
- data_handler 接线行级数据权限过滤（list/count/aggregate）
- DataScopeParams + build_scope_sql + merge_scope_condition 实现全链路

crates/erp-auth/src/entity/role_permission.rs

@@ -9,6 +9,8 @@ pub struct Model {
     #[sea_orm(primary_key, auto_increment = false)]
     pub permission_id: Uuid,
     pub tenant_id: Uuid,
+    /// 行级数据权限范围: all, self, department, department_tree
+    pub data_scope: String,
     pub created_at: DateTimeUtc,
     pub updated_at: DateTimeUtc,
     pub created_by: Uuid,