fix(health): 修复 5 角色深度测试发现的权限越权和告警端点缺失

- auth: token_service 查询 role_permissions/user_roles 添加 deleted_at 过滤，
  修复软删除的权限仍被加载到 JWT 的越权漏洞
- health: 新增 GET /health/alerts/{id} 告警详情端点（含 handler + service + 路由）
- web: AlertList 操作按钮增加 active 状态判断，修复按钮不显示
- migration: 新增 000127 清理 doctor 角色多余的 health-data.manage/ai.analysis.manage

crates/erp-auth/src/service/token_service.rs

@@ -207,6 +207,7 @@ impl TokenService {
         let user_role_rows = user_role::Entity::find()
             .filter(user_role::Column::UserId.eq(user_id))
             .filter(user_role::Column::TenantId.eq(tenant_id))
+            .filter(user_role::Column::DeletedAt.is_null())
             .all(db)
             .await
             .map_err(|e| AuthError::Validation(e.to_string()))?;
@@ -219,6 +220,7 @@ impl TokenService {
         let role_perm_rows = role_permission::Entity::find()
             .filter(role_permission::Column::RoleId.is_in(role_ids))
             .filter(role_permission::Column::TenantId.eq(tenant_id))
+            .filter(role_permission::Column::DeletedAt.is_null())
             .all(db)
             .await
             .map_err(|e| AuthError::Validation(e.to_string()))?;
@@ -247,6 +249,7 @@ impl TokenService {
         let user_role_rows = user_role::Entity::find()
             .filter(user_role::Column::UserId.eq(user_id))
             .filter(user_role::Column::TenantId.eq(tenant_id))
+            .filter(user_role::Column::DeletedAt.is_null())
             .all(db)
             .await
             .map_err(|e| AuthError::Validation(e.to_string()))?;