fix(electron): enable mediaDevices on HTTP origins and fix voice auth

- Add --unsafely-treat-insecure-origin-as-secure flag for dev/uat URLs
- Set auto-granted permission handlers for mic/camera in main process
- Adapt useVoiceRoom error message for Electron (no Chrome flags hint)
- Add debug logging to voice-token service and frontend voice API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/voice-token-service/server.js

@@ -13,19 +13,32 @@ app.post('/api/voice-token/:sessionId', async (req, res) => {
   try {
     const { sessionId } = req.params
     const authHeader = req.headers.authorization
+    console.log('Voice token request:', { sessionId, authHeader: authHeader ? authHeader.slice(0, 20) + '...' : null })
+
     if (!authHeader) {
+      console.log('Missing auth header')
       return res.status(401).json({ error: '未登录' })
     }
 
     // 验证用户 token — 调用 PocketBase
-    const pbRes = await fetch(`${PB_URL}/api/collections/users/auth-refresh`, {
+    const pbRefreshUrl = `${PB_URL}/api/collections/users/auth-refresh`
+    console.log('Calling PB auth-refresh:', pbRefreshUrl)
+    const pbRes = await fetch(pbRefreshUrl, {
       method: 'POST',
-      headers: { Authorization: authHeader },
+      headers: {
+        Authorization: authHeader,
+        'Content-Type': 'application/json',
+      },
+      body: '{}',
     })
+    console.log('PB auth-refresh status:', pbRes.status)
     if (!pbRes.ok) {
-      return res.status(401).json({ error: '认证失败' })
+      const pbBody = await pbRes.text().catch(() => 'unknown')
+      console.log('PB auth-refresh error body:', pbBody)
+      return res.status(401).json({ error: '认证失败', detail: pbBody })
     }
     const userData = await pbRes.json()
+    console.log('PB auth-refresh success, userId:', userData.record?.id)
     const userId = userData.record?.id
     const userName = userData.record?.name || userData.record?.username || userId
     if (!userId) {