fix(health): 修复 5 角色深度测试发现的权限越权和告警端点缺失

- auth: token_service 查询 role_permissions/user_roles 添加 deleted_at 过滤，
  修复软删除的权限仍被加载到 JWT 的越权漏洞
- health: 新增 GET /health/alerts/{id} 告警详情端点（含 handler + service + 路由）
- web: AlertList 操作按钮增加 active 状态判断，修复按钮不显示
- migration: 新增 000127 清理 doctor 角色多余的 health-data.manage/ai.analysis.manage

crates/erp-health/src/module.rs

@@ -760,6 +760,10 @@ impl HealthModule {
                 "/health/alerts",
                 axum::routing::get(alert_handler::list_alerts),
             )
+            .route(
+                "/health/alerts/{id}",
+                axum::routing::get(alert_handler::get_alert),
+            )
             .route(
                 "/health/alerts/{id}/acknowledge",
                 axum::routing::put(alert_handler::acknowledge),