fix(ops): 修复日志级别过滤并增强OpenAI错误诊断日志

- 移除 warn 级别下 access info 的强制入库补写，确保运行时日志级别真实生效

- 将 OpenAI fallback matched 与 passthrough 断流提示按需求降级为 info

- 为 codex_cli_only 与 instructions required 场景补充请求诊断字段（含 User-Agent）

- 出于安全考虑移除请求体预览，仅保留 request_body_size 与白名单头信息

- 新增/更新回归测试，覆盖 Forward 入口到日志落库链路

backend/internal/server/middleware/logger.go

@@ -58,36 +58,6 @@ func Logger() gin.HandlerFunc {
 
 		l := logger.FromContext(c.Request.Context()).With(fields...)
 		l.Info("http request completed", zap.Time("completed_at", endTime))
-		// 当全局日志级别高于 info（如 warn/error）时，access info 不会进入 zap core，
-		// 这里补写一次 sink，保证 ops 系统日志仍可索引关键访问轨迹。
-		if !logger.L().Core().Enabled(logger.LevelInfo) {
-			sinkFields := map[string]any{
-				"component":    "http.access",
-				"status_code":  statusCode,
-				"latency_ms":   latency.Milliseconds(),
-				"client_ip":    clientIP,
-				"protocol":     protocol,
-				"method":       method,
-				"path":         path,
-				"completed_at": endTime,
-			}
-			if requestID, ok := c.Request.Context().Value(ctxkey.RequestID).(string); ok && requestID != "" {
-				sinkFields["request_id"] = requestID
-			}
-			if clientRequestID, ok := c.Request.Context().Value(ctxkey.ClientRequestID).(string); ok && clientRequestID != "" {
-				sinkFields["client_request_id"] = clientRequestID
-			}
-			if hasAccountID && accountID > 0 {
-				sinkFields["account_id"] = accountID
-			}
-			if platform != "" {
-				sinkFields["platform"] = platform
-			}
-			if model != "" {
-				sinkFields["model"] = model
-			}
-			logger.WriteSinkEvent("info", "http.access", "http request completed", sinkFields)
-		}
 
 		if len(c.Errors) > 0 {
 			l.Warn("http request contains gin errors", zap.String("errors", c.Errors.String()))