fix(electron): enable mediaDevices on HTTP origins and fix voice auth

- Add --unsafely-treat-insecure-origin-as-secure flag for dev/uat URLs
- Set auto-granted permission handlers for mic/camera in main process
- Adapt useVoiceRoom error message for Electron (no Chrome flags hint)
- Add debug logging to voice-token service and frontend voice API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

frontend/src/api/voice.ts

@@ -12,6 +12,7 @@ export async function fetchVoiceToken(sessionId: string): Promise<string> {
   if (!user) throw new Error('未登录')
 
   const token = pb.authStore.token
+  console.log('[voice] fetching token for session:', sessionId, 'token prefix:', token?.slice(0, 20))
 
   const res = await fetch(`/voice-api/voice-token/${sessionId}`, {
     method: 'POST',
@@ -21,9 +22,11 @@ export async function fetchVoiceToken(sessionId: string): Promise<string> {
     },
   })
 
+  console.log('[voice] token service response status:', res.status)
   if (!res.ok) {
     const data = await res.json().catch(() => ({ error: '语音服务暂不可用' }))
-    throw new Error(data.error || '语音服务暂不可用')
+    console.log('[voice] token service error:', data)
+    throw new Error(data.error || data.detail || '语音服务暂不可用')
   }
 
   const data = await res.json()