refactor: RBAC权限系统重构 + UI组件拆分 + 测试修复 + 架构文档

- RBAC: 新增30个权限点、DataScope行级权限、requirePermission守卫，所有57+ Server Action接入权限校验
- UI拆分: exam-form(1623行→11文件)、textbook-reader(744行→7文件)，均降至300行以内
- 测试: 新增5个单元测试文件(19用例)，修复4个集成测试文件(38用例全部通过)
- 架构文档: 新增架构影响地图(004/005)、标准功能清单(006)、差距审计报告(007)
- 项目规则: 架构图优先规则，改码必同步图
- 安全: rehype-sanitize净化、AES加密API Key、权限路由守卫
- 无障碍: skip-link、aria-label、prefers-reduced-motion
- 性能: next/font优化、next/image、代码分割

src/shared/hooks/use-permission.ts

@@ -0,0 +1,28 @@
+"use client"
+
+import { useSession } from "next-auth/react"
+import type { Permission } from "@/shared/types/permissions"
+
+export function usePermission() {
+  const { data: session } = useSession()
+  const permissions = (session?.user?.permissions ?? []) as Permission[]
+  const roles = (session?.user?.roles ?? []) as string[]
+
+  const hasPermission = (permission: Permission): boolean => {
+    return permissions.includes(permission)
+  }
+
+  const hasAnyPermission = (...perms: Permission[]): boolean => {
+    return perms.some((p) => permissions.includes(p))
+  }
+
+  const hasAllPermissions = (...perms: Permission[]): boolean => {
+    return perms.every((p) => permissions.includes(p))
+  }
+
+  const hasRole = (role: string): boolean => {
+    return roles.includes(role)
+  }
+
+  return { permissions, roles, hasPermission, hasAnyPermission, hasAllPermissions, hasRole }
+}