fix(auth+miniprogram): 清除全部审计遗留问题

MEDIUM:
- WechatLoginReq/WechatBindPhoneReq 添加 Validate 派生 + 字段校验规则
- handler 中调用 req.validate() 并 map_err 转换
- 新增 AuthError::DbError 变体，wechat_service 所有 DB 错误从 Validation 改为 DbError
- DbError 映射到 AppError::Internal，不再误导前端

LOW:
- fetch_session 改用 reqwest Client.query() 构建参数，自动 URL 编码
- app.tsx PropsWithChildren<any> 改为 Record<string, unknown>
- login handleGetPhone 回调 e: any 改为内联类型
- appointment/create 4 个事件回调 e: any 改为内联类型
- health/input catch (e: any) 改为 catch (e: unknown) + instanceof 守卫
- report/detail Object.entries 去掉 [string, any] 类型断言
- wechat_service 移除 decrypt_phone_placeholder 函数，内联占位注释

crates/erp-auth/src/dto.rs

@@ -30,8 +30,9 @@ pub struct RefreshReq {
 
 // --- Wechat DTOs ---
 
-#[derive(Debug, Deserialize, ToSchema)]
+#[derive(Debug, Deserialize, Validate, ToSchema)]
 pub struct WechatLoginReq {
+    #[validate(length(min = 1, message = "code 不能为空"))]
     pub code: String,
 }
 
@@ -42,10 +43,13 @@ pub struct WechatLoginResp {
     pub token: Option<LoginResp>,
 }
 
-#[derive(Debug, Deserialize, ToSchema)]
+#[derive(Debug, Deserialize, Validate, ToSchema)]
 pub struct WechatBindPhoneReq {
+    #[validate(length(min = 1, message = "openid 不能为空"))]
     pub openid: String,
+    #[validate(length(min = 1, message = "encrypted_data 不能为空"))]
     pub encrypted_data: String,
+    #[validate(length(min = 1, message = "iv 不能为空"))]
     pub iv: String,
 }