fix: pass through server 403 message instead of hardcoded '无权限'

The axios response interceptor was discarding the server's
permission-denied message (e.g. "缺少「用户列表」权限") and
replacing it with a generic "无权限". Now it reads the server
response body and surfaces the exact permission that's missing.

app/api/axios-client.ts

@@ -183,10 +183,8 @@ axiosInstance.interceptors.response.use(
     // 🔒 403 无权限错误处理
     if (isAxiosError(error) && error.response?.status === 403) {
       console.warn('⚠️ [403 Forbidden] 无权限访问:', error.config?.url);
-
-      // 修改错误消息为友好提示，避免显示原始的 "Request failed with status code 403"
-      // 注意：不在这里显示 toast，由组件层统一处理，避免重复提示
-      error.message = '无权限';
+      const serverMessage = (error.response?.data as any)?.message;
+      error.message = serverMessage || '无权限';
     }
 
     return Promise.reject(error);

app/routes/role-permissions._index.tsx

@@ -1194,8 +1194,9 @@ export default function RolePermissions() {
       setExpandedRouteIds([]); // 重置展开状态
       setRoleUsers(users);
     } catch (error) {
+      const errMsg = error instanceof Error ? error.message : '加载角色权限失败';
       console.error('加载角色权限失败:', error);
-      toastService.error('加载角色权限失败');
+      toastService.error(errMsg);
     } finally {
       setLoadingPermissions(false);  // v3.8: 结束加载权限
       setLoadingUsers(false);  // 结束加载用户列表