fix(group): 管理员清空分组描述时正确持久化

[ghostg00]

Summary

• 修复管理员在「分组管理 → 编辑」中清空备注后保存无效的问题
• UpdateGroupRequest / UpdateGroupInput 的 Description 字段改为 *string，区分「未提供」和「显式置空」
• 行为对照：
  • nil（请求未带 description 字段或为 null）→ 保持原值，与旧行为一致
  • ""（请求显式传空串）→ 清空描述，修复前会被静默忽略

Why

backend/internal/service/admin_service.go 原来用 if input.Description != "" 判空，导致分组备注一旦写入就再也无法在 UI 上清掉（例如 simple_mode_default_groups.go 自动写入的 Auto-created default group 留痕）。

Test plan

• go test -tags=unit -run TestAdminService_UpdateGroup ./internal/service/ 全部通过
• 新增 TestAdminService_UpdateGroup_ClearsDescriptionWhenEmptyString 校验显式清空生效
• 新增 TestAdminService_UpdateGroup_PreservesDescriptionWhenNil 校验未提供时不动原值
• go build ./... 通过

[github-actions]

All contributors have signed the CLA. ✅
_{Posted by the CLA Assistant Lite bot.}

[ghostg00]

Note on the failing Security Scan / backend-security check

This failure is unrelated to the diff in this PR. It's govulncheck flagging Go stdlib CVEs in the CI's Go toolchain:

• GO-2026-5039 — net/textproto@go1.26.3 → fixed in go1.26.4
• GO-2026-5037 — crypto/x509@go1.26.3 → fixed in go1.26.4

Evidence this is pre-existing on main and not caused by this PR:

• The same Security Scan job is currently failing on main itself (run #26939055319, push from PR fix(usage): revert OpenAI 5h used_percent inversion (#2918 regression) #2993 merged into main).
• The vulnerability traces point only to internal/handler/admin/setting_handler.go, internal/pkg/tlsfingerprint/dialer.go, internal/service/email_service.go, internal/service/gateway_service.go — none of which this PR touches. The diff in this PR is limited to group_handler.go / admin_service.go / admin_service_group_test.go.

The fix is to bump the CI Go toolchain to 1.26.4+ (separate maintenance task). All other checks on this PR are green: CI / frontend, golangci-lint, test, CLA.