feat(auth): integrate Aliyun SMS verification flow with docs update

Wire auth verification-code delivery to Aliyun SMS with mock fallback, config validation, and a standalone SMS smoke-test script. Update deployment checklist and system status docs with required env vars and rollout notes.

Made-with: Cursor

backend/.env.example

@@ -1,4 +1,4 @@
-# Database
+# Database
 DATABASE_URL=postgresql://postgres:postgres123@localhost:5432/ai_clinical_research?schema=public
 
 # Redis
@@ -8,6 +8,17 @@ REDIS_URL=redis://localhost:6379
 JWT_SECRET=your-secret-key-change-in-production
 JWT_EXPIRES_IN=7d
 
+# SMS (Auth Verification Code)
+# development: mock / production: aliyun
+SMS_PROVIDER=mock
+SMS_ENDPOINT=dysmsapi.aliyuncs.com
+SMS_SIGN_NAME=你的短信签名
+SMS_TEMPLATE_CODE_LOGIN=SMS_xxx
+SMS_TEMPLATE_CODE_RESET=SMS_xxx
+# 阿里云凭据（AK 方式，生产建议改为 RAM 角色等无 AK 方式）
+ALIBABA_CLOUD_ACCESS_KEY_ID=your-access-key-id
+ALIBABA_CLOUD_ACCESS_KEY_SECRET=your-access-key-secret
+
 # LLM API
 DEEPSEEK_API_KEY=sk-7f8cc37a79fa4799860b38fc7ba2e150
 DASHSCOPE_API_KEY=sk-75b4ff29a14a49e79667a331034f3298