fix(auth+miniprogram): 清除全部审计遗留问题

MEDIUM:
- WechatLoginReq/WechatBindPhoneReq 添加 Validate 派生 + 字段校验规则
- handler 中调用 req.validate() 并 map_err 转换
- 新增 AuthError::DbError 变体，wechat_service 所有 DB 错误从 Validation 改为 DbError
- DbError 映射到 AppError::Internal，不再误导前端

LOW:
- fetch_session 改用 reqwest Client.query() 构建参数，自动 URL 编码
- app.tsx PropsWithChildren<any> 改为 Record<string, unknown>
- login handleGetPhone 回调 e: any 改为内联类型
- appointment/create 4 个事件回调 e: any 改为内联类型
- health/input catch (e: any) 改为 catch (e: unknown) + instanceof 守卫
- report/detail Object.entries 去掉 [string, any] 类型断言
- wechat_service 移除 decrypt_phone_placeholder 函数，内联占位注释

crates/erp-auth/src/handler/wechat_handler.rs

@@ -1,5 +1,6 @@
 use axum::extract::{FromRef, State};
 use axum::response::Json;
+use validator::Validate;
 
 use erp_core::error::AppError;
 use erp_core::types::ApiResponse;
@@ -30,9 +31,8 @@ where
     AuthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
-    if req.code.is_empty() {
-        return Err(AppError::Validation("code 不能为空".to_string()));
-    }
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
 
     let tenant_id = state.default_tenant_id;
     let resp = WechatService::login(&state, tenant_id, &req.code).await?;
@@ -60,9 +60,8 @@ where
     AuthState: FromRef<S>,
     S: Clone + Send + Sync + 'static,
 {
-    if req.openid.is_empty() {
-        return Err(AppError::Validation("openid 不能为空".to_string()));
-    }
+    req.validate()
+        .map_err(|e| AppError::Validation(e.to_string()))?;
 
     let tenant_id = state.default_tenant_id;
     let resp = WechatService::bind_phone(