fix(diary): 为所有 DTO 添加 Validate derive + handler 调用 validate()

DTO 验证规则:
- CreateJournalReq: title 1-200, tags ≤20
- UpdateJournalReq: title 1-200, tags ≤20
- CreateClassReq: name 1-50, school_name ≤100
- JoinClassReq: class_code = 6位
- UpdateClassReq: name 1-50, school_name ≤100
- SyncReq: changes ≤100 条
- CreateTopicReq: title 1-200, description ≤2000
- UpdateTopicReq: title 1-200, description ≤2000
- CreateCommentReq: content 1-1000
- CreateStickerPackReq: name 1-50, description ≤500
- UpdateStickerPackReq: name 1-50, description ≤500
- CreateStickerReq: name 1-30, image_url 1-500
- BindChildReq/DeleteChildDataReq: Validate derive (Uuid 已由 serde 验证)

Handler 调用: validate() 放在 require_permission() 之前（先验证输入再检查权限）

审计 ID: 5a-C01, 5a-C02, 5a-C03

crates/erp-diary/src/handler/parent_handler.rs

@@ -5,6 +5,7 @@ use axum::response::Json;
 use serde::{Deserialize, Serialize};
 use utoipa::{IntoParams, ToSchema};
 use uuid::Uuid;
+use validator::Validate;
 
 use erp_core::error::AppError;
 use erp_core::rbac::require_permission;
@@ -17,7 +18,7 @@ use crate::state::DiaryState;
 // ---- 请求/响应 DTO ----
 
 /// 绑定孩子请求
-#[derive(Debug, Deserialize, ToSchema)]
+#[derive(Debug, Deserialize, Validate, ToSchema)]
 pub struct BindChildReq {
     /// 孩子的用户 ID
     pub child_id: Uuid,
@@ -42,7 +43,7 @@ pub struct ExportQuery {
 }
 
 /// 删除孩子数据请求
-#[derive(Debug, Deserialize, ToSchema)]
+#[derive(Debug, Deserialize, Validate, ToSchema)]
 pub struct DeleteChildDataReq {
     /// 孩子的用户 ID
     pub child_id: Uuid,