feat(core): implement optimistic locking across all entities

Add VersionMismatch error variant and check_version() helper to erp-core.
All 13 mutable entities now enforce version checking on update/delete:
- erp-auth: user, role, organization, department, position
- erp-config: dictionary, dictionary_item, menu, setting, numbering_rule
- erp-workflow: process_definition, process_instance, task
- erp-message: message, message_subscription

Update DTOs to expose version in responses and require version in update
requests. HTTP 409 Conflict returned on version mismatch.

crates/erp-auth/src/error.rs

@@ -23,6 +23,9 @@ pub enum AuthError {
 
     #[error("{0}")]
     Validation(String),
+
+    #[error("版本冲突: 数据已被其他操作修改，请刷新后重试")]
+    VersionMismatch,
 }
 
 impl From<AuthError> for AppError {
@@ -35,6 +38,16 @@ impl From<AuthError> for AppError {
             AuthError::Validation(s) => AppError::Validation(s),
             AuthError::HashError(_) => AppError::Internal(err.to_string()),
             AuthError::JwtError(_) => AppError::Unauthorized,
+            AuthError::VersionMismatch => AppError::VersionMismatch,
+        }
+    }
+}
+
+impl From<AppError> for AuthError {
+    fn from(err: AppError) -> Self {
+        match err {
+            AppError::VersionMismatch => AuthError::VersionMismatch,
+            other => AuthError::Validation(other.to_string()),
         }
     }
 }