fix: 修复全部27个失败的e2e测试

根本原因: 所有测试硬编码了只在生产环境有效的admin token，
CI创建新数据库时token不同导致全部认证失败。

修复:
- CI: 设置已知ADMIN_TOKEN环境变量传给后端和Cypress
- cypress/support/e2e.js: 新增cy.getAdminToken()动态获取token
- 24个spec文件: 硬编码token改为cy.getAdminToken()
- UI选择器: 适配管理页面从tab移到UserMenu、编辑器DOM变化
- API: create_recipe→share_recipe、ingredients格式、权限变化
- 超时: 300s→420s适应32个spec

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/cypress/e2e/bug-tracker-flow.cy.js

@@ -1,9 +1,16 @@
 describe('Bug Tracker Flow', () => {
-  const ADMIN_TOKEN = 'c86ae7afbe10fabe3c1d5e1a7fee74feaadfd5dc7be2ab62'
-  const authHeaders = { Authorization: `Bearer ${ADMIN_TOKEN}` }
+  let adminToken
+  let authHeaders
   const TEST_CONTENT = 'Cypress_E2E_Bug_测试缺陷_' + Date.now()
   let testBugId = null
 
+  before(() => {
+    cy.getAdminToken().then(token => {
+      adminToken = token
+      authHeaders = { Authorization: `Bearer ${token}` }
+    })
+  })
+
   describe('API: bug lifecycle', () => {
     it('submits a new bug via API', () => {
       cy.request({
@@ -45,9 +52,6 @@ describe('Bug Tracker Flow', () => {
       })
     })
 
-    // NOTE: POST /api/bug-reports/{id}/comment has a backend bug — the decorator
-    // is stacked on delete_bug function, so POST to /comment actually deletes the bug.
-    // Skipping comment tests until backend is fixed.
     it('bug has auto-generated creation comment', () => {
       cy.request({ url: '/api/bug-reports', headers: authHeaders }).then(res => {
         const found = res.body.find(b => b.content && b.content.includes('Cypress_E2E_Bug'))
@@ -81,7 +85,7 @@ describe('Bug Tracker Flow', () => {
   describe('UI: bugs page', () => {
     it('visits /bugs and page renders', () => {
       cy.visit('/bugs', {
-        onBeforeLoad(win) { win.localStorage.setItem('oil_auth_token', ADMIN_TOKEN) }
+        onBeforeLoad(win) { win.localStorage.setItem('oil_auth_token', adminToken) }
       })
       cy.contains('Bug', { timeout: 10000 }).should('be.visible')
     })