fix(auth): ScadaBridge inbound auth review fixes — scope-before-DB, pinned 403 body, pepper fail-fast, log category

Joseph Doherty
2026-06-02 02:50:10 -04:00
parent a94558c289
commit 1fcc4f5c2b
4 changed files with 79 additions and 10 deletions
@@ -36,7 +36,7 @@ namespace ZB.MOM.WW.ScadaBridge.InboundAPI.Middleware;
/// (no <c>UseAuthentication</c>-backed scheme populates <see cref="HttpContext.User"/>
/// for X-API-Key callers), so the handler stashes the resolved API key name on
/// <see cref="HttpContext.Items"/> under <see cref="AuditActorItemKey"/> after
/// <c>ApiKeyValidator.ValidateAsync</c> succeeds. The middleware reads it in
/// <c>IApiKeyVerifier.VerifyAsync</c> succeeds. The middleware reads it in
/// its <c>finally</c> block — on auth failures the key remains absent and
/// <see cref="AuditEvent.Actor"/> stays null (we never echo back an
/// unauthenticated principal).
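Review bot: The corrected reference on the new line of this hunk (and the matching one in the hunk at line 67) is still a plain `<c>IApiKeyVerifier.VerifyAsync</c>`, so the next rename of the verifier will leave this comment stale again exactly as `ApiKeyValidator.ValidateAsync` did; `<see cref="IApiKeyVerifier.VerifyAsync"/>` would instead have the compiler report the dangling name (CS1574), provided the interface is in scope of this file. That is worth the change here because the sentence documents the contract that the audit actor is only published after verification succeeds, which is what keeps an unauthenticated principal out of the audit record. Both the class summary and the `AuditActorItemKey` doc comment start or end outside their hunks.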
@@ -67,7 +67,7 @@ public sealed class AuditWriteMiddleware
{
/// <summary>
/// <see cref="HttpContext.Items"/> key used by the endpoint handler to publish
/// the resolved API key name once <c>ApiKeyValidator.ValidateAsync</c> has
/// the resolved API key name once <c>IApiKeyVerifier.VerifyAsync</c> has
/// succeeded. Exposed as a constant so the handler and middleware share a
/// single source of truth (no stringly-typed coupling).
/// </summary>