fix(feishu): improve interactive card text extraction for all card formats #685

Open
BingqingLyu wants to merge 1 commit into main from fork-pr-45936-fix-32023

BingqingLyu (Owner) commented Apr 27, 2026

Summary

  • Problem: When a bot is @mentioned in a Feishu group containing old-format interactive card messages (alert/monitoring cards from external systems), the bot receives [Interactive Card] placeholder instead of the actual card content. parseInteractiveCardContent() only handles div and markdown element tags.
  • Why it matters: Bots cannot read or respond to alert cards, monitoring notifications, or legacy interactive cards — the most common card formats from external systems.
  • What changed: Extended parseInteractiveCardContent() in extensions/feishu/src/send.ts to support schema 2.0 cards (body.elements), additional element tags (plain_text, lark_md, header, note, column_set), legacy rich-text content (array-of-arrays with text/a/at/code_block tags), and top-level card.title. Added DFS traversal bounds (CARD_MAX_NODES=500, CARD_MAX_OUTPUT_CHARS=8000) to prevent DoS, and sanitizeCardText() to strip ANSI escapes/control chars (CWE-117).
  • What did NOT change (scope boundary): No changes to card sending, card action handling, or any other Feishu extension functionality. Only the quoted-message card content parsing path is affected.

Change Type

  • Bug fix

Scope

  • Channel: Feishu/Lark

Linked Issue/PR

Security Impact

  • New permissions/capabilities? No
  • Secrets/tokens handling changed? No
  • New/changed network calls? No
  • Command/tool execution surface changed? No
  • Data access scope changed? No

Repro + Verification

Steps

  1. Configure Feishu channel with valid appId/appSecret
  2. Send an old-format interactive card (e.g. alert card with header, column_set, plain_text elements) to a group
  3. @mention the bot in reply to that card

Expected

  • Bot receives the actual card text content

Actual (before fix)

  • Bot receives [Interactive Card] placeholder

Evidence

  • Failing test/log before + passing after
  • Added 5 new test cases in send.test.ts covering: schema 2.0, header/lark_md/note, column_set, legacy rich-text, and empty card fallback

Human Verification

  • Verified scenarios: All new card formats extract text correctly; existing div/markdown extraction unchanged
  • Edge cases checked: Empty cards, deeply nested column_sets, DFS bounds, ANSI escape sanitization
  • What you did NOT verify: Runtime end-to-end testing with actual Feishu service

Review Conversations

  • I replied to or resolved every bot review conversation I addressed in this PR.

Compatibility / Migration

  • Backward compatible? Yes — existing div and markdown extraction paths unchanged
  • Config/env changes? No
  • Migration needed? No

Failure Recovery

  • How to disable/revert: revert this commit
  • Files/config to restore: extensions/feishu/src/send.ts, extensions/feishu/src/send.test.ts

Risks and Mitigations

None — purely additive text extraction logic with bounds to prevent DoS.


This PR was AI-assisted (fully tested with unit tests, pre-existing build tooling issues prevent full pnpm build/check locally).

…rmats (closes openclaw#32023)

Extend parseInteractiveCardContent() to handle additional Feishu card formats
that previously returned "[Interactive Card]" placeholder text:

- Schema 2.0 cards (body.elements) in addition to 1.0 (elements)
- New element tags: plain_text, lark_md, header (title+subtitle), note, column_set
- Legacy rich-text content (array-of-arrays with text, a, at, code_block tags)
- Top-level card.title string (some legacy formats)
- DFS traversal bounded by CARD_MAX_NODES/CARD_MAX_OUTPUT_CHARS to prevent DoS
- Sanitize extracted text to strip ANSI escapes and control chars (CWE-117)

Add tests for all new element types: schema 2.0, header, lark_md, note,
column_set, legacy array-of-arrays, and empty card fallback.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
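
The bounded traversal and control-character stripping that the description and commit message name, as an added example that is not this PR's code: CARD_MAX_NODES, CARD_MAX_OUTPUT_CHARS and the placeholder string come from the text above, while the function names, the key list and the sample card are assumptions made for illustration.

```typescript
const CARD_MAX_NODES = 500;         // value named in the PR description
const CARD_MAX_OUTPUT_CHARS = 8000; // value named in the PR description
const PLACEHOLDER = "[Interactive Card]";
// Assumed set of keys that hold text or child elements, in reading order.
const KEYS = ["header", "title", "subtitle", "text", "content", "body", "elements", "columns"];

// Hypothetical sanitizer: drop ANSI CSI sequences, then blank out C0/C1 controls
// (CR/LF included) so card text cannot forge extra log lines (CWE-117).
function stripControlChars(s: string): string {
  return s
    .replace(/\x1b\[[0-?]*[ -\/]*[@-~]/g, "")
    .replace(/[\x00-\x1f\x7f-\x9f]/g, " ")
    .replace(/ {2,}/g, " ")
    .trim();
}

// Iterative DFS: an explicit stack means nesting depth cannot overflow the call stack.
function extractCardText(card: unknown): string {
  const stack: unknown[] = [card];
  const parts: string[] = [];
  let visited = 0, chars = 0;
  while (stack.length > 0 && visited < CARD_MAX_NODES && chars < CARD_MAX_OUTPUT_CHARS) {
    const node = stack.pop();
    visited++;
    if (typeof node === "string") {
      const clean = stripControlChars(node);
      if (clean) { parts.push(clean); chars += clean.length + 1; }
      continue;
    }
    if (node === null || typeof node !== "object") continue;
    const children: unknown[] = Array.isArray(node) ? node
      : KEYS.map((k) => (node as Record<string, unknown>)[k]).filter((v) => v !== undefined);
    // Push no more than the remaining node budget; reversed so output keeps card order.
    const budget = CARD_MAX_NODES - visited;
    for (let i = Math.min(children.length, budget) - 1; i >= 0; i--) stack.push(children[i]);
  }
  return parts.join("\n").slice(0, CARD_MAX_OUTPUT_CHARS) || PLACEHOLDER;
}

// Constructed sample: schema 2.0 card carrying ANSI colour codes and an embedded CR/LF.
const sampleCard = {
  schema: "2.0",
  header: { title: { tag: "plain_text", content: "\x1b[31mDisk alert\x1b[0m" } },
  body: { elements: [
    { tag: "column_set", columns: [{ tag: "column", elements: [
      { tag: "div", text: { tag: "lark_md", content: "host: db-01\r\nFAKE LOG LINE" } }] }] },
    { tag: "note", elements: [{ tag: "plain_text", content: "sent by monitor" }] },
  ] },
};
```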

Development

Successfully merging this pull request may close these issues.

fix(feishu): bot receives '[Interactive Card]' instead of card content when @mentioned in group