fix(health): DTO 输入校验补全 + handler .validate() 调用

- daily_monitoring_dto: Create/Update 添加 Validate derive + 血压/体重/血糖/入液量范围校验
- health_data_dto: LabReport/HealthRecord Create/Update/Review 添加 Validate derive
- consultation_dto: CreateSessionReq/CreateMessageReq 添加 Validate + content length
- article_dto: title max=500→200 匹配 DB VARCHAR(200)
- health_data_handler: 7 个 create/update handler 添加 .validate() 调用
- consultation_handler: create_session/create_message 添加 .validate() 调用
- daily_monitoring_handler: create/update 添加 .validate() 调用

crates/erp-health/src/handler/article_handler.rs

@@ -25,7 +25,7 @@ where
 {
     require_permission(&ctx, "health.articles.list")?;
     let page = params.page.unwrap_or(1);
-    let page_size = params.page_size.unwrap_or(20);
+    let page_size = params.page_size.unwrap_or(20).min(100);
     // 非管理权限用户只能查看已发布文章，防止草稿泄露
     let status =
         if require_any_permission(&ctx, &["health.articles.manage", "health.articles.review"])
@@ -58,7 +58,7 @@ pub async fn list_public_articles(
         .tenant_id
         .ok_or_else(|| AppError::Validation("tenant_id is required".into()))?;
     let page = params.page.unwrap_or(1);
-    let page_size = params.page_size.unwrap_or(20);
+    let page_size = params.page_size.unwrap_or(20).min(100);
     let result = article_service::list_articles(
         &state,
         tenant_id,
@@ -307,7 +307,7 @@ where
 {
     require_permission(&ctx, "health.articles.list")?;
     let page = params.page.unwrap_or(1);
-    let page_size = params.page_size.unwrap_or(20);
+    let page_size = params.page_size.unwrap_or(20).min(100);
     let result =
         article_service::list_revisions(&state, ctx.tenant_id, id, page, page_size).await?;
     Ok(Json(ApiResponse::ok(result)))