fix(安全): 修复依赖漏洞并强化安全扫描

主要改动：
- 固定 Go 1.25.5 与 CI 校验并更新扫描流程
- 升级 quic-go、x/crypto、req 等依赖并通过 govulncheck
- 强化 JWT 校验、TLS 配置与 xlsx 动态加载
- 新增审计豁免清单与校验脚本

.github/workflows/release.yml

@@ -104,9 +104,14 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.24'
+          go-version-file: backend/go.mod
+          check-latest: false
           cache-dependency-path: backend/go.sum
 
+      - name: Verify Go version
+        run: |
+          go version | grep -q 'go1.25.5'
+
       # Docker setup for GoReleaser
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3