optimize: WeChat QR code auth flow and channel reliability

- Generate QR code server-side when iLink API returns SPA page URL
  (added qrcode + image crates for PNG generation)
- Strip bot_token from frontend response (new WeixinQrcodeStatusPublic type)
- Add request timeouts and shared HTTP client for QR code endpoints
- Fix TOCTOU race on reply_context double-lock (single lock scope)
- Extract do_send() helper to deduplicate sendmessage logic; resend now
  checks ret field for context expiry instead of HTTP status only
- Cap pending_messages buffer at 50 to prevent unbounded memory growth
- Generate stable X-WECHAT-UIN per backend instance instead of per request
- Extract ILINK_CHANNEL_VERSION constant (was hardcoded in 4 places)
- Add 5-minute client-side QR expiry timeout in frontend dialog
- Track consecutive polling errors and show warning after 3 failures
- Stabilise onAuthSuccess/onClose callback refs to prevent polling restarts
- Replace dead i18n key weixinOpenQrcode with weixinPollError

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/i18n/messages/fr.json

@@ -1719,7 +1719,7 @@
     "weixinQrcodeExpired": "QR code expiré.",
     "weixinRefreshQrcode": "Actualiser",
     "weixinWaitingScan": "En attente du scan...",
-    "weixinOpenQrcode": "Ouvrir le QR code dans le navigateur",
+    "weixinPollError": "Connexion instable, nouvelle tentative...",
     "connect": "Connecter",
     "disconnect": "Déconnecter",
     "test": "Tester la connexion",