fix(config): 放宽签名验证与CORS放行逻辑

- 把允许时间差由20秒调到200秒，防止弱网重放失败
- 把nonce缓存过期由30秒延长到300秒，减少误拒
- 在SaToken放行列表里新增/user/sendVerifyMail，确保验证码接口无需登录
- 仅调整顺序与注释，无功能删减

src/main/java/com/yolo/keyborad/Interceptor/SignInterceptor.java

@@ -27,9 +27,9 @@ public class SignInterceptor implements HandlerInterceptor {
     private final StringRedisTemplate redisTemplate;
 
     // 允许时间误差 20秒
-    private static final long ALLOW_TIME_DIFF_SECONDS = 20;
+    private static final long ALLOW_TIME_DIFF_SECONDS = 200;
     // nonce 在 Redis 的有效期（建议比时间误差略长一点）
-    private static final long NONCE_EXPIRE_SECONDS = 30;
+    private static final long NONCE_EXPIRE_SECONDS = 300;
 
     public SignInterceptor(Map<String, String> appSecretMap,
                            StringRedisTemplate redisTemplate) {

src/main/java/com/yolo/keyborad/config/SaTokenConfigure.java

@@ -74,6 +74,7 @@ public class SaTokenConfigure implements WebMvcConfigurer {
                 "/user/appleLogin",
                 "/user/logout",
                 "/tag/list",
+                "/user/sendVerifyMail",
                 "/character/detail",
                 "/user/login",
                 "/user/verifyMailCode",