fix: policy always checked regardless of caller-provided floors

Redesign addVisitor four-phase flow:
- Phase1: ALWAYS query person detail (orgIds for policy lookup)
- Phase2: candidate = caller floors or org floorList
- Phase3: ALWAYS check policy; intersect candidate with allow
- Phase4: empty set validation
Fixes UC-02 bypass: policy was entirely skipped when caller
provided floorIds. Now policy always constrains.
Bump v2.0.19

maven-cw-elevator-application/releases/cw-elevator-application-V2.0.18.20260505/start.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+# 与「星中心」V1 部署习惯对齐：本脚本与 cw-elevator-application-V1.0.0.20211103.jar、bootstrap/application*.properties 位于同一目录。
+# 覆盖 JVM：设置环境变量 ELEVATOR_JAVA_OPTS（可选）；指定 Java：JAVA_HOME 或 JAVA_CMD。
+set -euo pipefail
+dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+cd "$dir"
+JAR="cw-elevator-application-V1.0.0.20211103.jar"
+if [[ ! -f "$JAR" ]]; then
+  echo "ERROR: 未找到 ${JAR}（当前目录 $(pwd)）" >&2
+  exit 1
+fi
+if [[ -n "${JAVA_CMD:-}" ]]; then
+  JAVA_EXEC="$JAVA_CMD"
+elif [[ -n "${JAVA_HOME:-}" && -x "${JAVA_HOME}/bin/java" ]]; then
+  JAVA_EXEC="${JAVA_HOME}/bin/java"
+else
+  JAVA_EXEC="/usr/lib/jvm/java-8-openjdk-amd64/bin/java"
+fi
+if [[ -z "${ELEVATOR_JAVA_OPTS:-}" ]]; then
+  ELEVATOR_JAVA_OPTS="-Xmx3072m -Xms3072m -Xmn1024m"
+fi
+# shellcheck disable=SC2086
+exec "$JAVA_EXEC" $ELEVATOR_JAVA_OPTS -jar "$JAR"