fix: 修复CodeReview发现的安全问题和代码质量问题 | fix security and code quality issues identified by CodeReview

- 修复JSON注入漏洞：使用json.Marshal()安全转义字符串内容
- 定义常量CHARS_PER_TOKEN替换硬编码的token估算数字4
- 处理UnmarshalJSON错误，避免静默失败并记录错误日志
- 定义常量替换硬编码的API端点路径，提高可维护性

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

relay/adaptor/anthropic/adaptor.go

@@ -14,6 +14,13 @@ import (
 	"github.com/songquanpeng/one-api/relay/relaymode"
 )
 
+const (
+	// NativeAnthropicEndpoint is the endpoint for native Anthropic API
+	NativeAnthropicEndpoint = "/v1/messages"
+	// ThirdPartyAnthropicEndpoint is the endpoint for third-party providers supporting Anthropic protocol
+	ThirdPartyAnthropicEndpoint = "/anthropic/v1/messages"
+)
+
 type Adaptor struct {
 }
 
@@ -24,13 +31,13 @@ func (a *Adaptor) Init(meta *meta.Meta) {
 func (a *Adaptor) GetRequestURL(meta *meta.Meta) (string, error) {
 	// For native Anthropic API
 	if strings.Contains(meta.BaseURL, "api.anthropic.com") {
-		return fmt.Sprintf("%s/v1/messages", meta.BaseURL), nil
+		return fmt.Sprintf("%s%s", meta.BaseURL, NativeAnthropicEndpoint), nil
 	}
 
 	// For third-party providers supporting Anthropic protocol (like DeepSeek)
 	// They typically expose the endpoint at /anthropic/v1/messages
 	baseURL := strings.TrimSuffix(meta.BaseURL, "/")
-	return fmt.Sprintf("%s/anthropic/v1/messages", baseURL), nil
+	return fmt.Sprintf("%s%s", baseURL, ThirdPartyAnthropicEndpoint), nil
 }
 
 func (a *Adaptor) SetupRequestHeader(c *gin.Context, req *http.Request, meta *meta.Meta) error {