feat: enhance SSL configuration with security warnings and logging

[CodeCasterX]

🔗 相关问题 / Related Issue

Issue 链接 / Issue Link: 无需创建 Issue / No issue needed

• 我已经创建了相关 Issue 并进行了讨论 / I have created and discussed the related issue
• 这是一个微小的修改（如错别字），不需要 Issue / This is a trivial change (like typo fix) that doesn't need an issue

📋 变更类型 / Type of Change

• 🐛 Bug 修复 / Bug fix (non-breaking change which fixes an issue)
• ✨ 新功能 / New feature (non-breaking change which adds functionality)
• 💥 破坏性变更 / Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📚 文档更新 / Documentation update
• 🔧 重构 / Refactoring (no functional changes)
• ⚡ 性能优化 / Performance improvement
• 📦 依赖升级 / Dependency upgrade (update dependencies to newer versions)
• 🚀 功能增强 / Feature enhancement (improve existing functionality without breaking changes)
• 🧹 代码清理 / Code cleanup

📝 变更目的 / Purpose of the Change

GitHub CodeQL 安全扫描检测到了不安全的 TrustManager 实现（java/insecure-trustmanager）。虽然这是框架的有意设计（用于支持开发环境），但缺少明确的安全警告和日志记录。本次变更旨在增强安全警告机制，确保框架用户充分了解禁用证书验证的安全风险。

GitHub CodeQL security scan detected an insecure TrustManager implementation (java/insecure-trustmanager). While this is an intentional framework design (to support development environments), it lacks clear security warnings and logging. This change aims to enhance the security warning mechanism to ensure framework users are fully aware of the security risks of disabling certificate validation.

📋 主要变更 / Brief Changelog

• 在启用 CLIENT_SECURE_IGNORE_TRUST 配置时添加醒目的安全警告日志 / Add prominent security warning logs when CLIENT_SECURE_IGNORE_TRUST is enabled
• 在 TrustManager 的证书验证方法中添加详细的调试日志，记录被忽略的证书信息 / Add detailed debug logging in TrustManager methods to record bypassed certificate information
• 优化空指针风险，简化 SSL 配置逻辑 / Fix potential NPE risk and simplify SSL configuration logic
• 添加 JavaDoc 文档，明确说明安全风险和使用场景 / Add JavaDoc documentation to clearly describe security risks and usage scenarios
• 使用 @SuppressWarnings 注解标记这是框架的有意设计 / Use @SuppressWarnings annotation to mark this as intentional framework design

🧪 验证变更 / Verifying this Change

测试步骤 / Test Steps

1. 配置 CLIENT_SECURE_IGNORE_TRUST=true 启动应用 / Configure CLIENT_SECURE_IGNORE_TRUST=true and start the application
2. 观察控制台输出，确认显示安全警告日志 / Check console output to confirm security warning logs are displayed
3. 在调试模式下运行，验证证书信息被正确记录 / Run in debug mode to verify certificate information is properly logged
4. 配置 CLIENT_SECURE_IGNORE_TRUST=false，确认不显示警告日志 / Configure CLIENT_SECURE_IGNORE_TRUST=false and confirm no warning logs appear

测试覆盖 / Test Coverage

• 我已经添加了单元测试 / I have added unit tests
• 所有现有测试都通过 / All existing tests pass
• 我已经进行了手动测试 / I have performed manual testing

📸 截图 / Screenshots

安全警告日志示例 / Security warning log example:

========================================================
SECURITY WARNING: SSL/TLS Certificate Validation DISABLED!
This configuration is INSECURE and should NEVER be used in production!
Your application is vulnerable to man-in-the-middle attacks!
Current setting: CLIENT_SECURE_IGNORE_TRUST = true
========================================================

✅ 贡献者检查清单 / Contributor Checklist

基本要求 / Basic Requirements:

• 确保有 GitHub Issue 对应这个变更（微小变更如错别字除外）/ Make sure there is a Github issue filed for the change (trivial changes like typos excluded)
• 你的 Pull Request 只解决一个 Issue，没有包含其他不相关的变更 / Your PR addresses just this issue, without pulling in other changes - one PR resolves one issue
• PR 中的每个 commit 都有有意义的主题行和描述 / Each commit in the PR has a meaningful subject line and body

代码质量 / Code Quality:

• 我的代码遵循项目的代码规范 / My code follows the project's coding standards
• 我已经进行了自我代码审查 / I have performed a self-review of my code
• 我已经为复杂的代码添加了必要的注释 / I have commented my code, particularly in hard-to-understand areas

测试要求 / Testing Requirements:

• 我已经编写了必要的单元测试来验证逻辑正确性 / I have written necessary unit-tests to verify the logic correction
• 当存在跨模块依赖时，我尽量使用了 mock / I have used mocks when cross-module dependencies exist
• 基础检查通过：mvn -B clean package -Dmaven.test.skip=true，elsa README 中的编译检查 / Basic checks pass
• 单元测试通过：mvn clean install / Unit tests pass

文档和兼容性 / Documentation and Compatibility:

• 我已经更新了相应的文档 / I have made corresponding changes to the documentation
• 如果有破坏性变更，我已经在 PR 描述中详细说明 / If there are breaking changes, I have documented them in detail
• 我已经考虑了向后兼容性 / I have considered backward compatibility

📋 附加信息 / Additional Notes

1. 关于 GitHub 安全告警 / About GitHub Security Alert:

   • 已通过 "Won't fix" 方式 dismiss 了 CodeQL 的安全告警，因为这是框架的有意设计 / Dismissed the CodeQL security alert as "Won't fix" since this is an intentional framework design
   • 通过增强日志和文档来管理安全风险 / Managing security risks through enhanced logging and documentation

2. 向后兼容性 / Backward Compatibility:

   • 所有变更都是非破坏性的，仅添加了日志和文档 / All changes are non-breaking, only adding logs and documentation
   • 现有配置和行为保持不变 / Existing configuration and behavior remain unchanged

3. 后续建议 / Follow-up Suggestions:

   • 考虑在未来版本中添加配置验证工具类 / Consider adding a configuration validation utility class in future versions
   • 可以在 README 或项目文档中添加安全最佳实践章节 / Could add a security best practices section in README or project documentation

---

审查者注意事项 / Reviewer Notes:

这个 PR 主要是响应 GitHub CodeQL 的安全扫描结果，增强了框架的安全警告机制。请重点关注：

• 日志级别是否合适（使用了 warn 级别）
• JavaDoc 文档描述是否清晰
• 代码逻辑简化是否正确

This PR primarily responds to GitHub CodeQL security scan results by enhancing the framework's security warning mechanism. Please focus on:

• Whether the log level is appropriate (using warn level)
• Whether the JavaDoc documentation is clear
• Whether the code logic simplification is correct