feat: 前端认证网关 + API 自动附加 JWT

- AuthProvider 管理 jumpToken 交换和 JWT 生命周期
- 未授权页面（ShieldX 图标 + 提示文字）
- 加载中旋转动画
- fetchJson 全局客户端自动附加 Authorization header
- 401 响应触发重新认证
- JWT 存 sessionStorage，刷新不丢失

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/modules/assets/api.ts

@@ -7,15 +7,10 @@ import type {
   CustomerStats,
   RegionalInventoryStats,
 } from './types';
+import { fetchJson } from '../../auth/api-client';
 
 const BASE = '/api/vehicles';
 
-async function fetchJson<T>(url: string): Promise<T> {
-  const res = await fetch(url);
-  if (!res.ok) throw new Error(`API error: ${res.status} ${res.statusText}`);
-  return res.json();
-}
-
 export async function fetchSummary(): Promise<SummaryData> {
   return fetchJson<SummaryData>(`${BASE}/summary`);
 }

src/modules/mileage/api.ts

@@ -1,13 +1,8 @@
 import type { MonitoringData, TargetSummary, TargetVehicle, TrendPoint } from './types';
+import { fetchJson } from '../../auth/api-client';
 
 const BASE = '/api/mileage';
 
-async function fetchJson<T>(url: string): Promise<T> {
-  const res = await fetch(url);
-  if (!res.ok) throw new Error(`API error: ${res.status} ${res.statusText}`);
-  return res.json();
-}
-
 export async function fetchMonitoring(params?: {
   sortBy?: string;
   sortOrder?: string;