feat(auth,plugin): Q3 行级数据权限 — user_departments 表 + JWT 注入 department_ids + data_scope 接线

- 新增 user_departments 关联表（migration + entity）
- JWT 中间件查询用户部门并注入 TenantContext.department_ids
- role_permission entity 添加 data_scope 字段
- data_handler 接线行级数据权限过滤（list/count/aggregate）
- DataScopeParams + build_scope_sql + merge_scope_condition 实现全链路

crates/erp-server/migration/src/lib.rs

@@ -36,6 +36,7 @@ mod m20260417_000033_create_plugins;
 mod m20260417_000034_seed_plugin_permissions;
 mod m20260418_000035_pg_trgm_and_entity_columns;
 mod m20260418_000036_add_data_scope_to_role_permissions;
+mod m20260419_000037_create_user_departments;
 
 pub struct Migrator;
 
@@ -79,6 +80,7 @@ impl MigratorTrait for Migrator {
             Box::new(m20260417_000034_seed_plugin_permissions::Migration),
             Box::new(m20260418_000035_pg_trgm_and_entity_columns::Migration),
             Box::new(m20260418_000036_add_data_scope_to_role_permissions::Migration),
+            Box::new(m20260419_000037_create_user_departments::Migration),
         ]
     }
 }