fix: 修复 gosec 配置文件格式错误导致 CI 失败

gosec -conf 只支持 JSON 格式，将 .gosec.yaml 转换为 .gosec.json

backend/.gosec.json

@@ -0,0 +1,5 @@
+{
+  "global": {
+    "exclude": "G704"
+  }
+}

backend/.gosec.yaml

@@ -1,7 +0,0 @@
-global:
-  # Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
-  # that by design proxies requests to configurable upstream services.
-  # All upstream URLs are sourced from admin-configured settings or known
-  # third-party API endpoints, not from end-user input.
-  exclude:
-    - G704