fix(security): resolve audit findings and compilation errors (Phase 6)

Security fixes:
- Add startup warning for default JWT secret in config
- Add enum validation for priority, recipient_type, channel fields
- Add pagination size cap (max 100) via safe_page_size()
- Return generic "权限不足" instead of specific permission names

Compilation fixes:
- Fix missing standard fields in ActiveModel for tokens/process_variables
- Fix migration imports for Statement/DatabaseBackend/Uuid
- Add version_field to process_definition ActiveModel

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

crates/erp-message/src/service/message_service.rs

@@ -20,7 +20,7 @@ impl MessageService {
         query: &MessageQuery,
         db: &sea_orm::DatabaseConnection,
     ) -> MessageResult<(Vec<MessageResp>, u64)> {
-        let page_size = query.page_size.unwrap_or(20);
+        let page_size = query.safe_page_size();
         let mut q = message::Entity::find()
             .filter(message::Column::TenantId.eq(tenant_id))
             .filter(message::Column::RecipientId.eq(recipient_id))