fix: 修复 gosec 配置文件格式错误导致 CI 失败

gosec -conf 只支持 JSON 格式，将 .gosec.yaml 转换为 .gosec.json

.github/workflows/security-scan.yml

@@ -32,7 +32,7 @@ jobs:
         working-directory: backend
         run: |
           go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec -conf .gosec.yaml -severity high -confidence high ./...
+          gosec -conf .gosec.json -severity high -confidence high ./...
 
   frontend-security:
     runs-on: ubuntu-latest

backend/.gosec.json

@@ -0,0 +1,5 @@
+{
+  "global": {
+    "exclude": "G704"
+  }
+}

backend/.gosec.yaml

@@ -1,7 +0,0 @@
-global:
-  # Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
-  # that by design proxies requests to configurable upstream services.
-  # All upstream URLs are sourced from admin-configured settings or known
-  # third-party API endpoints, not from end-user input.
-  exclude:
-    - G704