feat(login): 二级密码登录支持（STATUS_SECONDARY_PASSCODE_ERROR #1）

## 问题
旧版 Flutter 项目在 /vcode/check 返回 30164 时展示二级密码输入界面；
新版完全缺失此路径，有二级密码的账号无法登录。

## 改动

### networks_sdk
- `networks_sdk_method_channel_datasource.dart`：executeRequest 的
  generic catch 改为 rethrow，允许 decodeResponse override 抛出
  自定义业务异常（原为 ApiError.unknown 包裹导致数据丢失）

### 数据层
- `errors.dart`：新增 `secondaryPasscodeRequired = 30164`
- `exceptions.dart`（新增）：`SecondaryPasscodeRequiredException`
  携带 vcodeToken / recoveryEmail / hint / resetStatus
- `verify_otp_request.dart`：override decodeResponse，拦截 30164，
  从响应 data 提取字段，throw SecondaryPasscodeRequiredException
- `login_request.dart`：新增可选 password 字段 + toJson override
  （条件序列化，null 时不带 password 字段）
- `auth_repository.dart`：新增 loginWithPasscode() 接口
- `auth_repository_impl.dart`：实现 loginWithPasscode()

### 业务层
- `login_usecase.dart`：新增 loginWithSecondaryPasscode()
  （MD5 哈希 passcode → 调 AuthRepository.loginWithPasscode）
- `pubspec.yaml`：新增 crypto: ^3.0.6（用于 MD5）

### UI 层
- `login_state.dart`：新增 LoginStep.secondaryPasscode
  + vcodeToken / passcodeHint / recoveryEmail 字段
- `login_view_model.dart`：verifyAndLogin 捕获 SecondaryPasscodeRequiredException
  跳转步骤 3；新增 verifyPasscode()
- `login_secondary_passcode_step.dart`（新增）：密码输入 UI（hint 显示、
  obscured 输入框、错误提示、忘记密码占位）
- `login_page.dart`：switch 路由接入 LoginStep.secondaryPasscode

apps/im_app/lib/data/remote/login_request.dart

@@ -182,9 +182,32 @@ class LoginRequest extends ApiRequestable<LoginResponse>
   @JsonKey(name: 'vcode_token')
   final String vcodeToken;
 
+  /// 二级密码（MD5 哈希后的值）。
+  /// 账号未设置二级密码时传 null，字段不序列化到请求体。
+  /// 对齐旧版：`accountLogin({String? password})` → 有值才加入 dataBody
+  @JsonKey(name: 'password', includeToJson: false) // 由下方 toJson() 手动控制
+  final String? password;
+
   LoginRequest({
     required this.countryCode,
     required this.contact,
     required this.vcodeToken,
+    this.password,
   });
+
+  /// 手动 override toJson() 以支持 password 条件序列化。
+  /// 类的 override 优先于 mixin（_$LoginRequestApi.toJson），
+  /// 即使 build_runner 重新生成 .g.dart 也不影响此行为。
+  @override
+  Map<String, dynamic> toJson() {
+    final map = <String, dynamic>{
+      'country_code': countryCode,
+      'contact': contact,
+      'vcode_token': vcodeToken,
+    };
+    if (password != null) {
+      map['password'] = password;
+    }
+    return map;
+  }
 }

apps/im_app/lib/data/remote/verify_otp_request.dart

@@ -1,7 +1,10 @@
+import 'package:dio/dio.dart';
 import 'package:json_annotation/json_annotation.dart';
 import 'package:networks_sdk/networks_sdk.dart';
 
 import 'package:im_app/core/foundation/api_paths.dart';
+import 'package:im_app/core/foundation/errors.dart';
+import 'package:im_app/core/foundation/exceptions.dart';
 
 part 'verify_otp_request.g.dart';
 
@@ -61,4 +64,29 @@ class VerifyOtpRequest extends ApiRequestable<VerifyOtpResponse>
     this.email = '',
     this.type = 1,
   });
+
+  /// 拦截二级密码错误码 30164，将服务端 data 中的 vcode_token 等字段
+  /// 包装为 [SecondaryPasscodeRequiredException] 抛出，供上层导航至
+  /// 二级密码输入界面。其余情况委托给基类处理。
+  @override
+  VerifyOtpResponse? decodeResponse(Response response) {
+    if (response.data is Map<String, dynamic>) {
+      final json = response.data as Map<String, dynamic>;
+      final rawCode = json['code'];
+      final code = rawCode is int
+          ? rawCode
+          : int.tryParse(rawCode?.toString() ?? '') ?? 0;
+
+      if (code == ApiErrorCodes.secondaryPasscodeRequired) {
+        final data = json['data'] as Map<String, dynamic>?;
+        throw SecondaryPasscodeRequiredException(
+          vcodeToken: data?['vcode_token'] as String? ?? '',
+          recoveryEmail: data?['recovery_email'] as String? ?? '',
+          hint: data?['hint'] as String? ?? '',
+          resetStatus: data?['reset_status'] as bool? ?? false,
+        );
+      }
+    }
+    return super.decodeResponse(response);
+  }
 }

apps/im_app/lib/data/repositories/auth_repository_impl.dart

@@ -94,6 +94,31 @@ class AuthRepositoryImpl implements AuthRepository {
     return response.toEntity();
   }
 
+  @override
+  Future<User> loginWithPasscode({
+    required String countryCode,
+    required String contact,
+    required String vcodeToken,
+    required String passwordMd5,
+  }) async {
+    final response = await _client.executeRequest(
+      LoginRequest(
+        countryCode: countryCode,
+        contact: contact,
+        vcodeToken: vcodeToken,
+        password: passwordMd5,
+      ),
+    );
+
+    if (response == null) {
+      throw Exception('Login with passcode failed: empty response');
+    }
+
+    _onTokenUpdate(response.accessToken);
+
+    return response.toEntity();
+  }
+
   @override
   Future<void> logout() async {
     await _client.executeRequest(LogoutRequest());