feat: 后端用户认证和权限过滤

- 新增 auth 模块：jumpToken 代理交换、用户信息获取、JWT 签发
- 三级权限：full(所有权限/数智中心/BI-Leader)、department(BI-Leader-Dep)、personal
- 添加 managerId 到车辆数据模型，支持个人级别按 userId 精确过滤
- auth 中间件保护所有 /api/* 端点（跳过 /api/health 和 /api/auth/*）
- 所有路由集成 filterByPermission 权限过滤

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/server/routes/mileage/vehicle-info.ts

@@ -7,6 +7,7 @@ export const VEHICLE_INFO_SQL = `SELECT
     cus.customer_name AS customer,
     dep.dep_name AS department,
     u.user_name AS manager,
+    CAST(c.bd AS CHAR) AS manager_id,
     dic_status.dic_name AS rent_status,
     org_truck.org_name AS entity,
     c.project_name AS project