feat(centralui): Secured Writes page — operator submit + verifier queue + history (T14b)

src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Layout/NavMenu.razor

@@ -83,6 +83,30 @@
             </Authorized>
         </AuthorizeView>
 
+        @* Operations — Secured Writes (M7 T14b). Two-person MxGateway write workflow:
+           Operator submits, a different Verifier approves/rejects. The section must show
+           for Operator OR Verifier. There is no combined policy, so the OR is expressed
+           as: Operator → render; otherwise (NotAuthorized) fall through to a Verifier
+           check. This renders the section EXACTLY ONCE for a user holding either (or both)
+           roles — important in dev where DisableLogin grants one identity every role —
+           and hides the heading entirely from a user with neither. *@
+        <AuthorizeView Policy="@AuthorizationPolicies.RequireOperator">
+            <Authorized Context="operationsOperatorContext">
+                <NavRailSection Title="Operations" Key="operations">
+                    <NavRailItem Href="/operations/secured-writes" Text="Secured Writes" />
+                </NavRailSection>
+            </Authorized>
+            <NotAuthorized Context="operationsNonOperatorContext">
+                <AuthorizeView Policy="@AuthorizationPolicies.RequireVerifier">
+                    <Authorized Context="operationsVerifierContext">
+                        <NavRailSection Title="Operations" Key="operations">
+                            <NavRailItem Href="/operations/secured-writes" Text="Secured Writes" />
+                        </NavRailSection>
+                    </Authorized>
+                </AuthorizeView>
+            </NotAuthorized>
+        </AuthorizeView>
+
         @* Monitoring — Health Dashboard is all-roles; Event Logs and
            Parked Messages are Deployer-role only (Component-CentralUI).
            The section is ungated because Health Dashboard is always