fix(health): 四次审计修复 — 6 CRITICAL + 8 HIGH + 4 MEDIUM

CRITICAL:
- C-1: consultation sender_id 改为从 JWT ctx.user_id 注入，防伪造
- C-2: consultation session 更新改为 CAS 原子操作，防并发丢失
- C-3: 随访记录创建包裹在事务中，保证记录/任务/后续任务一致性
- C-4/C-5/C-6: 唯一索引改为 partial index WHERE deleted_at IS NULL

HIGH:
- H-1: manage_patient_tags 添加 tag_ids 租户归属校验
- H-2: assign_doctor 添加重复关联检查
- H-3: calendar_view 限制日期范围最多 90 天
- H-4: export_sessions 添加 10000 条上限
- H-5: patient_tag_relation/patient_doctor_relation 添加 version 字段
- H-6: create_schedule 添加医生存在性检查
- H-7: 预约取消排班释放错误改为日志记录
- H-8: follow_up_task.related_appointment_id 添加 FK 约束

MEDIUM:
- M-2: 修复 search LIKE 双重 % 包裹问题
- M-3: article_service 错误类型改为 ArticleNotFound
- M-4: patient.created 事件移除 PII（姓名）
- M-6: lab_report 添加 (tenant_id, report_type) 索引

crates/erp-health/src/handler/consultation_handler.rs

@@ -35,7 +35,6 @@ pub struct CloseSessionReq {
 #[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
 pub struct CreateConsultationMessageReq {
     pub session_id: Uuid,
-    pub sender_id: Uuid,
     pub sender_role: String,
     pub content_type: Option<String>,
     pub content: String,
@@ -135,7 +134,7 @@ where
     require_permission(&ctx, "health.consultation.manage")?;
     let msg_req = CreateMessageReq {
         session_id: req.session_id,
-        sender_id: req.sender_id,
+        sender_id: ctx.user_id,
         sender_role: req.sender_role,
         content_type: req.content_type,
         content: req.content,