fix(@vben/web-antd): SSO callback 改走 body 传递 code/state

授权 code 原先以 query 形式发给 /system/sso/callback，会被 nginx access
log、浏览器历史和 Referer 捕获。改走 POST body，与后端 @RequestBody
SsoCallbackReqVO 对齐，避免一次性码泄露给中间层。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

apps/web-antd/src/api/core/sso.ts

@@ -36,12 +36,11 @@ export async function ssoCallback(
   redirectUri: string,
   state?: string,
 ): Promise<SsoApi.SsoCallbackResult> {
+  // 走 body 而非 query：避免 code 落入浏览器历史 / nginx access log。
+  // 后端对应 @RequestBody SsoCallbackReqVO。
   const raw = await requestClient.post<SsoApi.SsoCallbackRawResult>(
     '/system/sso/callback',
-    null,
-    {
-      params: { clientId, code, redirectUri, state },
-    },
+    { clientId, code, redirectUri, state },
   );
   return {
     accessToken: raw.access_token,