fix(health): 审计问题修复 — 权限守卫 + OAuth中间件 + FHIR声明 + SSE聚合

- OAuthClientList/RealtimeMonitor/OfflineEventList/StatisticsDashboard 补权限守卫
- OAuth 中间件注入 TenantContext + FHIR scope→permission 映射
- FHIR CapabilityStatement 移除未实现的 $lastn 操作
- useVitalSSE 修复批量同步事件数据聚合逻辑

apps/web/src/hooks/useVitalSSE.ts

@@ -41,15 +41,17 @@ export function useVitalSSE(options: UseVitalSSEOptions = {}): UseVitalSSEReturn
 
       setPatientVitals((prev) => {
         const next = new Map(prev);
-        if (data.device_model) {
-          const key = `${data.patient_id}_${data.device_model}`;
-          next.set(key, {
-            patient_id: data.patient_id,
-            device_type: data.device_model,
-            latest_value: data.count > 0 ? undefined : undefined,
-            updated_at: data.occurred_at ?? new Date().toISOString(),
-          });
-        }
+        const key = `${data.patient_id}_${data.device_model ?? 'unknown'}`;
+        const existing = next.get(key);
+        next.set(key, {
+          patient_id: data.patient_id,
+          device_type: data.device_model ?? 'unknown',
+          // 批量同步事件不含单值，用累计 count 表示活跃度
+          latest_value: data.count > 0
+            ? (existing?.latest_value ?? 0) + data.count
+            : existing?.latest_value,
+          updated_at: data.occurred_at ?? new Date().toISOString(),
+        });
         return next;
       });
       setLastUpdate(data);