refactor(mp): CSS 变量主题 + 登录页改造 — UI 优化 Phase 0-2

Phase 0: 建立 design token 体系
- tokens.scss 新增 --tk-pri/--tk-pri-l/--tk-pri-d/--tk-shadow-btn/--tk-shadow-tab
- .doctor-mode 覆盖为靛蓝色系，.elder-mode 非线性放大字号
- variables.scss 新增医生端色彩 + 阴影变量

Phase 1: 组件库 + 页面全局替换
- 75 个页面 SCSS $pri → var(--tk-pri) 全量替换
- 11 个新 UI 组件（PrimaryButton/TabFilter/FormInput/ProgressRing 等）
- 8 个现有组件 SCSS 更新
- 18 个医生端页面 useElderClass → useDoctorClass
- PageHeader 匹配原型 NavBar 规格

Phase 2: 登录页重写
- Logo: 方形+ → 圆形渐变 H
- 登录方式: 纯微信 → 账号密码 + 微信一键登录
- 新增 credentialLogin API + store action
- 字号/间距严格匹配原型 mp-01-login.html

apps/miniprogram/src/stores/auth.ts

@@ -28,6 +28,7 @@ interface AuthState {
   loading: boolean;
 
   login: (code: string) => Promise<boolean>;
+  credentialLogin: (username: string, password: string) => Promise<boolean>;
   bindPhone: (encryptedData: string, iv: string) => Promise<boolean>;
   setCurrentPatient: (patient: authApi.PatientInfo) => void;
   loadPatients: () => Promise<void>;
@@ -154,6 +155,33 @@ export const useAuthStore = create<AuthState>((set, get) => ({
     }
   },
 
+  credentialLogin: async (username: string, password: string) => {
+    if (get().loading) return false;
+    set({ loading: true });
+    try {
+      const tenantId = Taro.getStorageSync('tenant_id') || process.env.TARO_APP_DEFAULT_TENANT_ID || '';
+      const resp = await authApi.credentialLogin(username, password, tenantId);
+      const roles = (resp as Record<string, unknown>).roles instanceof Array
+        ? ((resp as Record<string, unknown>).roles as Array<Record<string, string>>).map((r) => r.code || r.name || String(r))
+        : [];
+      secureSet('access_token', resp.access_token);
+      secureSet('refresh_token', resp.refresh_token);
+      if (resp.expires_in) {
+        secureSet('token_expires_at', String(Date.now() + resp.expires_in * 1000));
+      }
+      const user = resp.user;
+      secureSet('user_data', JSON.stringify(user));
+      secureSet('user_roles', JSON.stringify(roles));
+      secureSet('tenant_id', user.tenant_id || tenantId);
+      set({ user, roles, loading: false });
+      clearLoggingOut();
+      return true;
+    } catch {
+      set({ loading: false });
+      return false;
+    }
+  },
+
   bindPhone: async (encryptedData: string, iv: string) => {
     if (get().loading) return false;
     set({ loading: true });