feat(health): 为所有 DTO 添加 sanitize 防止存储型 XSS

覆盖 patient/health_data/appointment/follow_up/consultation/doctor
6 个 DTO 模块共 14 个请求结构体，在 handler 层统一调用 sanitize。

crates/erp-health/src/handler/consultation_handler.rs

@@ -131,13 +131,14 @@ where
     S: Clone + Send + Sync + 'static,
 {
     require_permission(&ctx, "health.consultation.manage")?;
-    let msg_req = CreateMessageReq {
+    let mut msg_req = CreateMessageReq {
         session_id: req.session_id,
         sender_id: ctx.user_id,
         sender_role: "doctor".to_string(),
         content_type: req.content_type,
         content: req.content,
     };
+    msg_req.sanitize();
     let result = consultation_service::create_message(
         &state, ctx.tenant_id, Some(ctx.user_id), msg_req,
     )