fix(auth): Extend JWT expiry to 24h + add friendly session expiration UX

Backend:
- Extend Access Token expiry from 2h to 24h (long operations like
  review/deep-research need sufficient time)
- Refresh Token remains 7 days

Frontend:
- Add sessionGuard.ts: centralized session expiration handler with
  auto token refresh and friendly modal prompt
- ASL fetch client: intercept 401, try refresh, retry on success,
  show friendly modal on failure (was: raw "Unauthorized" red error)
- Axios apiClient: replace alert() + bare redirect with friendly
  session expired modal (covers RVW, IIT, SSA, Admin, DC, PKB)

Tested: Token expiration flow verified, friendly modal displays correctly
Made-with: Cursor
2026-03-08 22:24:33 +08:00
parent a666649fd4
commit b4c293788d
5 changed files with 139 additions and 14 deletions

@@ -51,9 +51,9 @@ export interface DecodedToken extends JWTPayload {
}
// Token 配置
const ACCESS_TOKEN_EXPIRES_IN = '2h'; // Access Token 2小时过期
const ACCESS_TOKEN_EXPIRES_IN = '24h'; // Access Token 24小时过期(长操作如审稿/文献检索需要充足时间)
const REFRESH_TOKEN_EXPIRES_IN = '7d'; // Refresh Token 7天过期
const ACCESS_TOKEN_EXPIRES_SECONDS = 2 * 60 * 60; // 7200秒
const ACCESS_TOKEN_EXPIRES_SECONDS = 24 * 60 * 60; // 86400秒
/**
* JWT Service 类
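
Review bot: Raising ACCESS_TOKEN_EXPIRES_IN from '2h' to '24h' (and ACCESS_TOKEN_EXPIRES_SECONDS to 86400) means a leaked access token stays usable for up to 24 hours instead of 2, and nothing in this hunk shows a revocation check that would offset that. The commit message says the frontend now intercepts 401, refreshes the token and retries, which should already carry long review/deep-research operations across an expiry, so consider keeping the short lifetime and relying on refresh, or scoping the longer lifetime to the long-running operations only. Separately, the '24h' string and the 24 * 60 * 60 seconds value are two hand-maintained constants for the same setting; deriving one from the other would keep them from drifting apart on the next change.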