feat(yggdrasil): implement standard error responses and UUID format improvements

- Add YggdrasilErrorResponse struct and standard error codes for protocol compliance
- Change UUID storage from varchar(36) to varchar(32) for unsigned format
- Add utility functions: GenerateUUID, FormatUUIDToNoDash, RandomHex
- Support unsigned query parameter in GetProfileByUUID endpoint
- Improve refresh token response with available profiles list
- Fix key pair retrieval to use correct database column (rsa_private_key)
- Update UUID validator to accept both 32-char and 36-char formats
- Add SignStringWithProfileRSA method for profile-specific signing
- Fix profile assignment validation in refresh token flow

internal/service/signature_service.go

@@ -274,3 +274,26 @@ func FormatPublicKey(publicKeyPEM string) string {
 	}
 	return strings.Join(keyLines, "")
 }
+
+// SignStringWithProfileRSA 使用Profile的RSA私钥签名字符串
+func (s *SignatureService) SignStringWithProfileRSA(data string, privateKeyPEM string) (string, error) {
+	// 解析PEM格式的私钥
+	block, _ := pem.Decode([]byte(privateKeyPEM))
+	if block == nil {
+		return "", fmt.Errorf("解析PEM私钥失败")
+	}
+
+	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return "", fmt.Errorf("解析RSA私钥失败: %w", err)
+	}
+
+	// 签名
+	hashed := sha1.Sum([]byte(data))
+	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA1, hashed[:])
+	if err != nil {
+		return "", fmt.Errorf("签名失败: %w", err)
+	}
+
+	return base64.StdEncoding.EncodeToString(signature), nil
+}