fix: add missing comma in whitelist.py causing /mcp* routes to be unwhitelisted

"*.css.map" was missing a trailing comma, causing Python's implicit string
literal concatenation to merge it with the next entry into "*.css.map/mcp*".
This made the /mcp* whitelist rule never match, so all /mcp/* endpoints
(mcp_start, mcp_question, mcp_get_sql, mcp_execute_sql, etc.) were blocked
by TokenMiddleware with "Miss Token[X-SQLBOT-TOKEN]" even though they are
intended to handle their own authentication internally.

Author: llanc

backend/common/utils/whitelist.py

@@ -21,7 +21,7 @@
     "*.ttf",
     "*.eot",
     "*.otf",
-    "*.css.map"
+    "*.css.map",
     "/mcp*",
     "/system/license",
     "/system/config/key",
@@ -90,4 +90,4 @@ def add_path(self, path: str) -> None:
             if "*" in path:
                 self._compile_patterns()
 
-whiteUtils = WhitelistChecker()
+whiteUtils = WhitelistChecker()