重构数据权限模型并清理旧RBAC代码

核心变更：
- 数据权限过滤从基于账号层级改为基于用户类型的多策略过滤
- 移除 AccountStore 中的 GetSubordinateIDs 等旧方法
- 重构认证中间件，支持 enterprise_id 和 customer_id
- 更新 GORM Callback，根据用户类型自动选择过滤策略（代理/企业/个人客户）
- 更新所有集成测试以适配新的 API 签名
- 添加功能总结文档和 OpenSpec 归档

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

tests/integration/permission_test.go

@@ -117,7 +117,7 @@ func TestPermissionAPI_Create(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})
@@ -221,7 +221,7 @@ func TestPermissionAPI_Get(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})
@@ -267,7 +267,7 @@ func TestPermissionAPI_Update(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})
@@ -310,7 +310,7 @@ func TestPermissionAPI_Delete(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})
@@ -346,7 +346,7 @@ func TestPermissionAPI_List(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})
@@ -390,7 +390,7 @@ func TestPermissionAPI_GetTree(t *testing.T) {
 	// 添加测试中间件
 	testUserID := uint(1)
 	env.app.Use(func(c *fiber.Ctx) error {
-		ctx := middleware.SetUserContext(c.UserContext(), testUserID, constants.UserTypeSuperAdmin, 0)
+		ctx := middleware.SetUserContext(c.UserContext(), middleware.NewSimpleUserContext(testUserID, constants.UserTypeSuperAdmin, 0))
 		c.SetUserContext(ctx)
 		return c.Next()
 	})