feat(health): patient_service 集成 PiiCrypto — 电话/过敏史/病史加密

- HealthState.crypto: HealthCrypto → PiiCrypto (erp-core)
- create_patient: 加密 phone/allergy/medical_history + HMAC 索引
- update_patient: 同上，同步加密
- model_to_resp_decrypted: 解密所有 Tier 1 字段
- model_to_resp (列表): Tier 1 字段返回 None
- list_patients 搜索: 新增 phone hash 精确搜索
- article handler: 适配新 list_articles 签名
- article 迁移: 添加 category_id 列
- error.rs: From<String> for HealthError
- 集成测试: HealthCrypto → PiiCrypto::dev_default()

crates/erp-server/src/state.rs

@@ -22,6 +22,8 @@ pub struct AppState {
     pub plugin_entity_cache: moka::sync::Cache<String, erp_plugin::state::EntityInfo>,
     /// AI 模块状态（启动时构建，避免每次请求重建）
     pub ai_state: erp_ai::AiState,
+    /// PII 加密服务（KEK + DEK 管理）
+    pub pii_crypto: erp_core::crypto::PiiCrypto,
 }
 
 /// Allow handlers to extract `DatabaseConnection` directly from `State<AppState>`.
@@ -104,16 +106,10 @@ impl FromRef<AppState> for erp_plugin::state::PluginState {
 /// Allow erp-health handlers to extract their required state.
 impl FromRef<AppState> for erp_health::HealthState {
     fn from_ref(state: &AppState) -> Self {
-        let crypto = erp_health::HealthCrypto::from_keys(
-            &state.config.health.aes_key,
-            &state.config.health.hmac_key,
-        )
-        .expect("Health encryption keys must be valid 32-byte hex strings. Set ERP__HEALTH__AES_KEY and ERP__HEALTH__HMAC_KEY");
-
         Self {
             db: state.db.clone(),
             event_bus: state.event_bus.clone(),
-            crypto,
+            crypto: state.pii_crypto.clone(),
         }
     }
 }