refactor: 使用行业标准方案重构服务重启逻辑

重构内容：
- 移除复杂的 sudo systemctl restart 方案
- 改用 os.Exit(0) + systemd Restart=always 的标准做法
- 删除 sudoers 配置及相关代码
- 删除 sub2api-sudoers 文件

优势：
- 代码从 85+ 行简化到 47 行
- 无需 sudo 权限配置
- 无需特殊用户 shell 配置
- 更简单、更可靠
- 符合行业最佳实践（Docker/K8s 等均采用此方案）

工作原理：
- 服务调用 os.Exit(0) 优雅退出
- systemd 检测到退出后自动重启（Restart=always）

deploy/install.sh

@@ -73,9 +73,6 @@ declare -A MSG_ZH=(
     ["dirs_configured"]="目录配置完成"
     ["installing_service"]="正在安装 systemd 服务..."
     ["service_installed"]="systemd 服务已安装"
-    ["setting_up_sudoers"]="正在配置 sudoers..."
-    ["sudoers_configured"]="sudoers 配置完成"
-    ["sudoers_failed"]="sudoers 验证失败，已移除文件"
     ["ready_for_setup"]="准备就绪，可以启动设置向导"
 
     # Completion
@@ -173,9 +170,6 @@ declare -A MSG_EN=(
     ["dirs_configured"]="Directories configured"
     ["installing_service"]="Installing systemd service..."
     ["service_installed"]="Systemd service installed"
-    ["setting_up_sudoers"]="Setting up sudoers..."
-    ["sudoers_configured"]="Sudoers configured"
-    ["sudoers_failed"]="Sudoers validation failed, removing file"
     ["ready_for_setup"]="Ready for Setup Wizard"
 
     # Completion
@@ -521,35 +515,6 @@ setup_directories() {
     print_success "$(msg 'dirs_configured')"
 }
 
-# Setup sudoers for service restart
-setup_sudoers() {
-    print_info "$(msg 'setting_up_sudoers')"
-
-    # Always generate sudoers file from script (not from tar.gz)
-    # This ensures the latest configuration is used even with older releases
-    # Support both /bin/systemctl and /usr/bin/systemctl for different distros
-    cat > /etc/sudoers.d/sub2api << 'EOF'
-# Sudoers configuration for Sub2API
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl restart sub2api
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl stop sub2api
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl start sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl start sub2api
-EOF
-
-    # Set correct permissions (required for sudoers files)
-    chmod 440 /etc/sudoers.d/sub2api
-
-    # Validate sudoers file
-    if visudo -c -f /etc/sudoers.d/sub2api &>/dev/null; then
-        print_success "$(msg 'sudoers_configured')"
-    else
-        print_warning "$(msg 'sudoers_failed')"
-        rm -f /etc/sudoers.d/sub2api
-    fi
-}
-
 # Install systemd service
 install_service() {
     print_info "$(msg 'installing_service')"
@@ -716,7 +681,6 @@ uninstall() {
 
     print_info "$(msg 'removing_files')"
     rm -f /etc/systemd/system/sub2api.service
-    rm -f /etc/sudoers.d/sub2api
     systemctl daemon-reload
 
     print_info "$(msg 'removing_install_dir')"
@@ -787,7 +751,6 @@ main() {
     create_user
     setup_directories
     install_service
-    setup_sudoers
     prepare_for_setup
     print_completion
 }

deploy/sub2api-sudoers

@@ -1,17 +0,0 @@
-# Sudoers configuration for Sub2API
-# This file allows the sub2api service user to restart the service without password
-#
-# Installation:
-#   sudo cp sub2api-sudoers /etc/sudoers.d/sub2api
-#   sudo chmod 440 /etc/sudoers.d/sub2api
-#
-# SECURITY NOTE: This grants limited sudo access only for service management
-
-# Allow sub2api user to restart the service without password
-# Support both /bin/systemctl (Debian/Ubuntu) and /usr/bin/systemctl (RHEL/CentOS)
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl restart sub2api
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl stop sub2api
-sub2api ALL=(ALL) NOPASSWD: /bin/systemctl start sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop sub2api
-sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl start sub2api