refactor: optimize middleware with pure ASGI implementation and enhance security measures

- Replace BaseHTTPMiddleware with pure ASGI implementation in plugin middleware for better streaming response handling
- Add trusted proxy count configuration for client IP extraction in reverse proxy environments
- Implement audit log cleanup scheduler with configurable retention period
- Replace plaintext token logging with SHA256 hash fingerprints for security
- Fix database session lifecycle management in middleware
- Improve request tracing and error logging throughout the system
- Add comprehensive tests for pipeline architecture

src/api/base/pipeline.py

@@ -177,7 +177,7 @@ class ApiRequestPipeline:
         if not authorization or not authorization.lower().startswith("bearer "):
             raise HTTPException(status_code=401, detail="缺少管理员凭证")
 
-        token = authorization.replace("Bearer ", "").strip()
+        token = authorization[7:].strip()
         try:
             payload = await self.auth_service.verify_token(token, token_type="access")
         except HTTPException:
@@ -204,7 +204,7 @@ class ApiRequestPipeline:
         if not authorization or not authorization.lower().startswith("bearer "):
             raise HTTPException(status_code=401, detail="缺少用户凭证")
 
-        token = authorization.replace("Bearer ", "").strip()
+        token = authorization[7:].strip()
         try:
             payload = await self.auth_service.verify_token(token, token_type="access")
         except HTTPException: