fix(auth): ScadaBridge 1.2 review fixes — secret-test repoint, checklist, Scope guard, 0.1.1 pin

docs/plans/2026-05-24-second-environment.md

@@ -246,13 +246,15 @@ These are clones of `docker/central-node-a/appsettings.Central.json` and `docker
       "MachineDataDb": "Server=scadabridge-mssql,1433;Database=ScadaBridgeMachineData2;User Id=scadabridge_app;Password=ScadaBridge_Dev1#;TrustServerCertificate=true"
     },
     "Security": {
-      "LdapServer": "scadabridge-ldap",
-      "LdapPort": 3893,
-      "LdapUseTls": false,
-      "AllowInsecureLdap": true,
-      "LdapSearchBase": "dc=scadabridge,dc=local",
-      "LdapServiceAccountDn": "cn=admin,dc=scadabridge,dc=local",
-      "LdapServiceAccountPassword": "password",
+      "Ldap": {
+        "Server": "scadabridge-ldap",
+        "Port": 3893,
+        "Transport": "None",
+        "AllowInsecure": true,
+        "SearchBase": "dc=scadabridge,dc=local",
+        "ServiceAccountDn": "cn=admin,dc=scadabridge,dc=local",
+        "ServiceAccountPassword": "password"
+      },
       "JwtSigningKey": "scadabridge-env2-dev-jwt-signing-key-must-be-at-least-32-characters-long",
       "JwtExpiryMinutes": 15,
       "IdleTimeoutMinutes": 30,