fix(health): 修复审计发现的 10 个 CRITICAL 问题

权限与安全:
- 为全部 51 个 handler 端点添加 require_permission 权限检查
- 修复 CAS 预约操作中 doctor_id 为 None 时使用 Uuid::nil() 的问题

状态机修复:
- 预约初始状态从 "scheduled" 改为 "pending"（匹配设计规格）
- 排班状态从 "active" 改为 "enabled"
- 咨询会话添加 waiting→active 自动触发（首条消息时）
- 新增 create_session 端点和 DTO

数据完整性:
- doctor_profile 表添加 name 列（entity + migration + service）
- lab_report/health_trend 的 json 列改为 json_binary（支持 GIN 索引）
- 添加关键索引：patient.id_number UNIQUE、patient_tag UNIQUE、
  doctor_schedule 唯一排班槽位、health_trend、doctor_profile.name
- 随访记录完成后自动检查 next_follow_up_date 创建后续任务

事件总线:
- 实现 10 种核心事件发布（patient/appointment/follow_up/consultation/lab_report）
- 实现 workflow.task.completed 和 message.sent 事件订阅框架

种子数据:
- 实现 seed_tenant_health（8 个默认患者标签）
- 实现 soft_delete_tenant_data（16 张表级联软删除）

crates/erp-health/src/handler/consultation_handler.rs

@@ -5,6 +5,7 @@ use utoipa::IntoParams;
 use uuid::Uuid;
 
 use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
 use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
 
 use crate::dto::consultation_dto::*;
@@ -47,6 +48,23 @@ pub struct ExportSessionsParams {
     pub doctor_id: Option<Uuid>,
 }
 
+pub async fn create_session<S>(
+    State(state): State<HealthState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<CreateSessionReq>,
+) -> Result<Json<ApiResponse<SessionResp>>, AppError>
+where
+    HealthState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "health.consultation.manage")?;
+    let result = consultation_service::create_session(
+        &state, ctx.tenant_id, Some(ctx.user_id), req,
+    )
+    .await?;
+    Ok(Json(ApiResponse::ok(result)))
+}
+
 pub async fn list_sessions<S>(
     State(state): State<HealthState>,
     Extension(ctx): Extension<TenantContext>,
@@ -56,6 +74,7 @@ where
     HealthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
     let page = params.page.unwrap_or(1);
     let page_size = params.page_size.unwrap_or(20);
     let result = consultation_service::list_sessions(
@@ -76,6 +95,7 @@ where
     HealthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
     let page = params.page.unwrap_or(1);
     let page_size = params.page_size.unwrap_or(20);
     let result = consultation_service::list_messages(
@@ -95,6 +115,7 @@ where
     HealthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.manage")?;
     let result = consultation_service::close_session(
         &state, ctx.tenant_id, id, Some(ctx.user_id), req.version,
     )
@@ -111,6 +132,7 @@ where
     HealthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.manage")?;
     let msg_req = CreateMessageReq {
         session_id: req.session_id,
         sender_id: req.sender_id,
@@ -134,6 +156,7 @@ where
     HealthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
+    require_permission(&ctx, "health.consultation.list")?;
     let result = consultation_service::export_sessions(
         &state, ctx.tenant_id, params.status, params.patient_id, params.doctor_id,
     )