refactor: 数据权限过滤从 GORM Callback 改为 Store 层显式调用

- 移除 RegisterDataPermissionCallback 和 SkipDataPermission 机制
- 在 Auth 中间件预计算 SubordinateShopIDs 并注入 Context
- 新增 ApplyShopFilter/ApplyEnterpriseFilter/ApplyOwnerShopFilter 等 Helper 函数
- 所有 Store 层查询方法显式调用数据权限过滤函数
- 权限检查函数 CanManageShop/CanManageEnterprise 改为从 Context 获取数据

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

internal/service/auth/service.go

@@ -10,7 +10,6 @@ import (
 	"github.com/break/junhong_cmp_fiber/pkg/auth"
 	"github.com/break/junhong_cmp_fiber/pkg/constants"
 	"github.com/break/junhong_cmp_fiber/pkg/errors"
-	pkgGorm "github.com/break/junhong_cmp_fiber/pkg/gorm"
 	"go.uber.org/zap"
 	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
@@ -47,8 +46,6 @@ func New(
 }
 
 func (s *Service) Login(ctx context.Context, req *dto.LoginRequest, clientIP string) (*dto.LoginResponse, error) {
-	ctx = pkgGorm.SkipDataPermission(ctx)
-
 	account, err := s.accountStore.GetByUsernameOrPhone(ctx, req.Username)
 	if err != nil {
 		if err == gorm.ErrRecordNotFound {