refactor(plugins): comprehensive code review - ~35 fixes across 14 plugins

Phase 1 - Plugin code review (14/14 plugins):
- Security: 3x token leak in print→logger.debug, Bearer prefix handling
- Bug: bare except→specific exceptions, HorseState type safety, sync→async
- Critical: response_model undefined, route dead code, sync blocking event loop
- Quality: 11x print()→logger, variable name shadowing, consistent logging

Phase 2 - Deep analysis:
- Fix: payout int truncation→max(1, round(amount*odds))
- Fix: room_store get_lock race condition→dict.setdefault()
- Verify: data_manager f-string SQL is safe (uses ? placeholders)

Infrastructure: review reports generated for all plugins.

danding_bot/plugins/auto_friend_accept/config.py

@@ -1,9 +1,13 @@
-from pydantic import BaseModel, validator
-from typing import Optional
-
-class Config(BaseModel):
-    # 是否启用自动同意好友请求
-    auto_accept_enabled: bool = True
-    
-    # 自动回复的消息，如果为空则不发送
-    auto_reply_message: Optional[str] = "" 
+from pydantic import BaseModel
+from typing import Optional
+
+class Config(BaseModel):
+    # 是否启用自动同意好友请求
+    auto_accept_enabled: bool = True
+    
+    # 自动回复的消息，None表示不发送
+    auto_reply_message: Optional[str] = None
+    
+    # 欢迎消息发送前的随机延迟范围（秒）
+    reply_delay_min: float = 2.0
+    reply_delay_max: float = 5.0