refactor: 优化 NBPF 模块 - 缓存导入/合并重复方法/减少I/O

- crypto.py: 8个_imp_*方法改为_ModuleCache类缓存导入
- crypto.py: outer/inner加解密合并为_layer_encrypt/decrypt
- crypto.py: 提取公共摘要计算方法，拆分长方法
- compiler.py: 删除_obfuscate_code中未使用的死代码
- loader.py: 3次ZIP扫描合并为1次缓存读取
- format.py: 更新为使用_ModuleCache
- 合计减少205行代码（1707→1502）

oss/core/http_api/middleware.py

@@ -42,7 +42,15 @@ class CorsMiddleware(Middleware):
 
 class AuthMiddleware(Middleware):
     """鉴权中间件 - Bearer Token 认证"""
-    _public_paths = {"/health", "/favicon.ico", "/api/status", "/api/health"}
+
+    @staticmethod
+    def _get_public_paths() -> set:
+        """获取公开路径白名单，优先从配置读取"""
+        config = get_config()
+        configured = config.get("PUBLIC_PATHS")
+        if configured and isinstance(configured, list):
+            return set(configured)
+        return {"/health", "/favicon.ico", "/api/status", "/api/health"}
 
     def process(self, ctx: dict, next_fn: Callable) -> Optional[Response]:
         config = get_config()
@@ -51,8 +59,9 @@ class AuthMiddleware(Middleware):
         if not api_key:
             return next_fn()
 
+        public_paths = self._get_public_paths()
         req = ctx.get("request")
-        if req and req.path in self._public_paths:
+        if req and req.path in public_paths:
             return next_fn()
 
         if req and req.method == "OPTIONS":