fix(notifications): close OAuth2 SMTP + dispatcher resilience gaps (5 findings)

NS-021/NO-001: thread FromAddress into XOAUTH2 so M365 stops rejecting
sends with 535 5.7.3. Added an additive oauth2UserName parameter on
ISmtpClientWrapper.AuthenticateAsync; both NotificationService and
NotificationOutbox now pass config.FromAddress.

NO-002: clamp non-positive SmtpConfiguration.MaxRetries/RetryDelay to the
1-min / 10-attempt fallback with a Warning so a misconfigured row no
longer parks transient failures on the first attempt or burn-loops.

NO-003: route a lifecycle-scoped CancellationToken from the
NotificationOutboxActor through the dispatch sweep into the adapter so
in-flight SMTP sends abort on PostStop instead of blocking
CoordinatedShutdown for the full SMTP timeout per row.

NO-004: await the central audit writer inside the existing try/catch
instead of fire-and-forget so the audit task can't outlive the per-sweep
DI scope and writer faults reach the operator log instead of being
silently dropped.

Two AuditLog integration tests seeded RetryDelay = TimeSpan.Zero to force
immediate re-claim on the second tick; updated them to 1 ms so they keep
the same intent without tripping the NO-002 clamp.

tests/ScadaLink.AuditLog.Tests/Integration/AuditWriteFailureSafetyTests.cs

@@ -365,11 +365,13 @@ public class AuditWriteFailureSafetyTests : TestKit, IClassFixture<MsSqlMigratio
     private async Task SeedSmtpConfigAsync()
     {
         await using var ctx = CreateContext();
+        // NO-002: dispatcher clamps non-positive RetryDelay to the 1-minute fallback;
+        // use 1 ms so a transient outcome's NextAttemptAt is still effectively due.
         ctx.SmtpConfigurations.Add(new SmtpConfiguration(
             "smtp.example.com", "Basic", "noreply@example.com")
         {
             MaxRetries = 5,
-            RetryDelay = TimeSpan.Zero,
+            RetryDelay = TimeSpan.FromMilliseconds(1),
         });
         await ctx.SaveChangesAsync();
     }