feat: 扩展风险规则体系、审批动态路由与预算中心列表化改造

- 新增 25+ 条风险规则（预算/报销/申请/通用类），完善风险规则模拟与反馈发布机制
- 引入费用审批动态路由、平台风险分级、预审与风险阶段管理
- 预算中心列表化改造，优化票据夹仪表盘与数字员工工作看板
- 新增 Hermes 风险线索收集器、Agent 链路追踪中心
- 扩展数字员工能力库（18 个领域 Skill）与交通费用自动预估
- 完善报销申请快速预览、权限控制与前端测试覆盖

web/tests/api-request.test.mjs

@@ -52,6 +52,10 @@ async function testInjectsAuthenticatedUserHeaders() {
       JSON.stringify({
         username: 'admin',
         name: 'Admin User',
+        employeePosition: 'System Manager',
+        employeeGrade: 'M5',
+        employeeNo: 'E-001',
+        managerName: 'Approver User',
         roleCodes: ['manager'],
         isAdmin: true
       })
@@ -82,6 +86,10 @@ async function testInjectsAuthenticatedUserHeaders() {
 
   assert.equal(capturedOptions.headers['x-auth-username'], 'admin')
   assert.equal(capturedOptions.headers['x-auth-name'], 'Admin User')
+  assert.equal(capturedOptions.headers['x-auth-position'], 'System Manager')
+  assert.equal(capturedOptions.headers['x-auth-grade'], 'M5')
+  assert.equal(capturedOptions.headers['x-auth-employee-no'], 'E-001')
+  assert.equal(capturedOptions.headers['x-auth-manager-name'], 'Approver User')
   assert.equal(capturedOptions.headers['x-auth-role-codes'], 'manager')
   assert.equal(capturedOptions.headers['x-auth-is-admin'], 'true')
 }