fix(ops): 添加 token 相关字段白名单避免误脱敏

在敏感字段检测中添加白名单，排除 API 参数和用量统计字段：
- max_tokens, max_completion_tokens, max_output_tokens
- completion_tokens, prompt_tokens, total_tokens
- input_tokens, output_tokens
- cache_creation_input_tokens, cache_read_input_tokens

这些字段名虽然包含 "token" 但只是数值参数，不应被脱敏处理。

backend/internal/service/ops_service.go

@@ -424,6 +424,16 @@ func isSensitiveKey(key string) bool {
 		return false
 	}
 
+	// Whitelist: known non-sensitive fields that contain sensitive substrings
+	// (e.g., "max_tokens" contains "token" but is just an API parameter).
+	switch k {
+	case "max_tokens", "max_completion_tokens", "max_output_tokens",
+		"completion_tokens", "prompt_tokens", "total_tokens",
+		"input_tokens", "output_tokens",
+		"cache_creation_input_tokens", "cache_read_input_tokens":
+		return false
+	}
+
 	// Exact matches (common credential fields).
 	switch k {
 	case "authorization",