fix: 发布前审计 Batch 2 — Debug遮蔽 + unwrap + 静默吞错 + MCP锁 + 索引 + Config验证

安全:
- LlmConfig 自定义 Debug impl，api_key 显示为 "***REDACTED***"
- tsconfig.json 移除 ErrorBoundary.tsx 排除项（安全关键组件）
- billing/handlers.rs Response builder unwrap → map_err 错误传播
- classroom_commands/mod.rs db_path.parent().unwrap() → ok_or_else

静默吞错:
- approvals.rs 3处 warn→error（审批状态丢失是严重事件）
- events.rs publish() 添加 Event dropped debug 日志
- mcp_transport.rs eprintln→tracing::warn (僵尸进程风险)
- zclaw-growth sqlite.rs 4处迁移：区分 duplicate column name 与真实错误

MCP Transport:
- 合并 stdin+stdout 为单一 Mutex<TransportHandles>
- send_request write-then-read 原子化，防止并发响应错配

数据库:
- 新迁移 20260418000001: idx_rle_created_at + idx_billing_sub_plan + idx_ki_created_by

配置验证:
- SaaSConfig::load() 添加 jwt_expiration_hours>=1, max_connections>0, min<=max

crates/zclaw-growth/src/storage/sqlite.rs

@@ -162,22 +162,44 @@ impl SqliteStorage {
             .map_err(|e| ZclawError::StorageError(format!("Failed to create importance index: {}", e)))?;
 
         // Migration: add overview column (L1 summary)
-        let _ = sqlx::query("ALTER TABLE memories ADD COLUMN overview TEXT")
+        // SQLite ALTER TABLE ADD COLUMN fails with "duplicate column name" if already applied
+        if let Err(e) = sqlx::query("ALTER TABLE memories ADD COLUMN overview TEXT")
             .execute(&self.pool)
-            .await;
+            .await
+        {
+            let msg = e.to_string();
+            if !msg.contains("duplicate column name") {
+                tracing::warn!("[Growth] Migration overview failed: {}", msg);
+            }
+        }
 
         // Migration: add abstract_summary column (L0 keywords)
-        let _ = sqlx::query("ALTER TABLE memories ADD COLUMN abstract_summary TEXT")
+        if let Err(e) = sqlx::query("ALTER TABLE memories ADD COLUMN abstract_summary TEXT")
             .execute(&self.pool)
-            .await;
+            .await
+        {
+            let msg = e.to_string();
+            if !msg.contains("duplicate column name") {
+                tracing::warn!("[Growth] Migration abstract_summary failed: {}", msg);
+            }
+        }
 
         // P2-24: Migration — content fingerprint for deduplication
-        let _ = sqlx::query("ALTER TABLE memories ADD COLUMN content_hash TEXT")
+        if let Err(e) = sqlx::query("ALTER TABLE memories ADD COLUMN content_hash TEXT")
             .execute(&self.pool)
-            .await;
-        let _ = sqlx::query("CREATE INDEX IF NOT EXISTS idx_content_hash ON memories(content_hash)")
+            .await
+        {
+            let msg = e.to_string();
+            if !msg.contains("duplicate column name") {
+                tracing::warn!("[Growth] Migration content_hash failed: {}", msg);
+            }
+        }
+        if let Err(e) = sqlx::query("CREATE INDEX IF NOT EXISTS idx_content_hash ON memories(content_hash)")
             .execute(&self.pool)
-            .await;
+            .await
+        {
+            tracing::warn!("[Growth] Migration idx_content_hash failed: {}", e);
+        }
 
         // Backfill content_hash for existing entries that have NULL content_hash
         {