fix(correctness): close Theme 10 — 5 data-integrity / serialisation findings

Final themed batch. 5 well-localised correctness fixes.

Serialisation precision:
- ESG-020: DatabaseGateway.JsonElementToParameterValue probes
  TryGetInt64 → TryGetDecimal → GetDouble, so a script's high-precision
  decimal SQL parameter survives the cached-write retry round-trip
  without silent precision loss. 3 new regression tests.

Template engine correctness:
- TE-018: DiffService gains ComputeConnectionsDiff over
  FlattenedConfiguration.Connections, mirroring the existing entity-diff
  shape and pairing with the Theme 1 TE-017 hash-coverage fix. A
  ConfigurationDiff record extension in Commons is flagged as a follow-up.
- TE-019: TemplateResolver.BuildInheritanceChain now walks via the
  int? ParentTemplateId directly — only null means "no parent". A real
  Id of 0 (the prior special-cased sentinel) now walks the chain like
  any other node, matching the TemplateEngine-013 CycleDetector fix.
  Regression of TE-013 closed.
- TE-020: All 5 Create* paths in TemplateService + SharedScriptService
  re-ordered to save-first → log-with-real-Id → save-audit (matching
  the InstanceService pattern). Create* audit rows no longer carry a
  literal "0" EntityId.

Doc deferral:
- Transport-012: Component-Transport.md §Audit Trail now spells out that
  the BundleImportId repository filter IS wired (in CentralUiRepository),
  but the Audit-Log-Viewer UI dropdown + summary-row hyperlink are a
  deferred CentralUI follow-up. CLI workaround documented
  (audit query --bundle-import-id).

11+ new regression tests (3 ESG, 4 DiffService, 3 TemplateResolver, 4
TemplateService, 1 SharedScriptService). Build clean; ESG 72/72,
TemplateEngine 324/324. README regenerated: 1 pending of 481 total.

Session-to-date: 135 of 136 originally-open Theme findings closed
across 10 themes in 10 commits.

tests/ScadaLink.ExternalSystemGateway.Tests/DatabaseGatewayTests.cs

@@ -1,5 +1,6 @@
 using System.Data;
 using System.Data.Common;
+using System.Text.Json;
 using Microsoft.Extensions.Logging.Abstractions;
 using NSubstitute;
 using ScadaLink.Commons.Entities.ExternalSystems;
@@ -232,6 +233,66 @@ public class DatabaseGatewayTests
         Assert.False(delivered); // permanent — the S&F engine parks the message
     }
 
+    // ── ExternalSystemGateway-020: decimal SQL parameter precision survives JsonElement round-trip ──
+
+    [Fact]
+    public void JsonElementToParameterValue_DecimalShapedNumber_PreservesPrecisionViaDecimal()
+    {
+        // A script's decimal SQL parameter is serialised as a bare JSON number
+        // (System.Text.Json has no decimal type tag), then on the cached-write
+        // retry path the buffered payload is re-deserialised into a
+        // JsonElement and the gateway must materialise a CLR value for the
+        // parameter. Pre-020 it called GetDouble() for any non-Int64 number,
+        // which silently downcast every decimal to a binary float and lost
+        // precision (1234567890.1234567890 -> 1234567890.1234567 as double).
+        // The 020 fix prefers decimal — round-tripping must preserve every
+        // digit of an authoring-time decimal value.
+        const string authoredJson = "1234567890.1234567890";
+
+        // Round-trip through JsonElement, mirroring the buffered-payload path.
+        using var document = JsonDocument.Parse(authoredJson);
+        var element = document.RootElement;
+
+        var materialised = DatabaseGateway.JsonElementToParameterValue(element);
+
+        // The materialised value must be the original decimal, not a double.
+        // Asserting on the type alone is enough to fail pre-020 (which
+        // produced a System.Double); the value assertion locks in the
+        // precision invariant.
+        var asDecimal = Assert.IsType<decimal>(materialised);
+        Assert.Equal(1234567890.1234567890m, asDecimal);
+    }
+
+    [Fact]
+    public void JsonElementToParameterValue_WholeNumber_FastPathReturnsLong()
+    {
+        // Whole numbers must keep the existing Int64 fast path — the 020 fix
+        // is "long first, then decimal, then double", not "decimal first".
+        using var document = JsonDocument.Parse("42");
+        var element = document.RootElement;
+
+        var materialised = DatabaseGateway.JsonElementToParameterValue(element);
+
+        Assert.IsType<long>(materialised);
+        Assert.Equal(42L, materialised);
+    }
+
+    [Fact]
+    public void JsonElementToParameterValue_OutOfDecimalRangeNumber_FallsThroughToDouble()
+    {
+        // A genuinely out-of-decimal-range value (e.g. very large scientific
+        // notation) must still fall through to double rather than throw — the
+        // decimal probe is a precision-preserving preference, not a hard
+        // requirement.
+        using var document = JsonDocument.Parse("1e40");
+        var element = document.RootElement;
+
+        var materialised = DatabaseGateway.JsonElementToParameterValue(element);
+
+        Assert.IsType<double>(materialised);
+        Assert.Equal(1e40, (double)materialised);
+    }
+
     // ── ExternalSystemGateway-010: SqlConnection must not leak when OpenAsync fails ──
 
     [Fact]