This PR fixes two runtime issues that were showing up together in the Web UI.

The first issue was in Runtime Config. The Settings dialog only opened after /api/config and /api/config/self_check both returned and after the frontend had finished building the full config draft. In practice that made the button feel unresponsive, especially on slower instances. The UI also did not expose Weixin in the Web settings even though the backend already supported it.

The second issue was a runtime failure path around invalid model ids, notably *. Users could end up with * in effective model selection through stale config, profile data, or in-memory overrides. When that happened the request was forwarded to the provider and failed with errors like * is not a valid model ID. Separately, /api/config could return 500 because the config response path serialized Config directly through JSON even though it contains serde_yaml::Value trees, which can include mapping keys that are not plain JSON strings.

Root cause:

The frontend treated opening Runtime Config as a blocking fetch-and-hydrate workflow instead of opening the shell immediately and loading inside it. On the backend, model selection trusted incoming config and override values too much, and the config API assumed direct JSON serialization of YAML-backed config structures was always safe.

Fixes in this PR:

• Add Weixin to the Web Runtime Config UI, including both channel-level fields and per-account fields.
• Open the Settings dialog immediately and show loading/progress while config and self-check data are fetched.
• Preserve existing secrets for dynamic channel fields while still allowing empty inputs to mean "keep existing secret".
• Normalize model ids during config load and profile resolution so empty values and * are ignored and fall back to the provider default model.
• Ignore invalid runtime model overrides instead of forwarding them to providers.
• Reject /model * explicitly in chat commands with a user-facing validation message.
• Make /api/config serialize through a safe YAML-to-JSON conversion path before redacting secrets so non-string YAML mapping keys no longer crash the endpoint.
• Add regression tests for wildcard model fallback, invalid runtime override fallback, invalid chat command model override rejection, and safe config redaction with non-string YAML keys.

Validation performed:

• npm --prefix web run build
• cargo test wildcard -- --nocapture
• cargo test invalid_runtime_model_override -- --nocapture
• cargo test test_redact_config -- --nocapture