Fix WeChat Pay V3 public key transfer signature verification failure

When using public key mode for transfer APIs, WeChat Pay may return a response with
a platform certificate serial number in the Wechatpay-Serial header, but the signature
is actually signed with the public key. The previous logic would fail to verify this.

Changes:
- Modified PublicCertificateVerifier.verify() to fallback to public key verification
  when certificate verification fails
- This ensures both platform certificate and public key signatures can be verified
- Fixes the issue where funds are locked but verification fails for transfer APIs

Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>

weixin-java-pay/src/main/java/com/github/binarywang/wxpay/v3/auth/PublicCertificateVerifier.java

@@ -24,9 +24,17 @@ public class PublicCertificateVerifier implements Verifier{
 
     @Override
     public boolean verify(String serialNumber, byte[] message, String signature) {
+        // 如果序列号不包含"PUB_KEY_ID"且有证书验证器，先尝试证书验证
         if (!serialNumber.contains("PUB_KEY_ID") && this.certificateVerifier != null) {
-            return this.certificateVerifier.verify(serialNumber, message, signature);
+            try {
+                if (this.certificateVerifier.verify(serialNumber, message, signature)) {
+                    return true;
+                }
+            } catch (Exception e) {
+                // 证书验证失败，继续尝试公钥验证
+            }
         }
+        // 使用公钥验证（兜底方案，适用于公钥转账等场景）
         try {
             Signature sign = Signature.getInstance("SHA256withRSA");
             sign.initVerify(publicKey);