chore(audit): ScadaBridge C7 — perf re-baseline + CollapseAuditLogToCanonical projection test + index-test fix + dead-cref cleanup (Task 2.5)

Perf re-baseline (HotPathLatencyTests): empirical p95 on Apple M-series Release
build: 4KB DetailsJson slow path ≈14 µs, small-DetailsJson no-redactors ≈2 µs,
true no-op fast path ≈0 µs. Thresholds updated: 200 µs / 30 µs / 5 µs (≈15×
headroom for contested CI runners). Old thresholds (50 µs / 10 µs) were set for
the pre-C3 typed-field path; canonical JSON parse+rewrite is empirically faster.
Adds a third test (Filter_Apply_NoDetailsJson_FastPath) that asserts same-instance
return on the DetailsJson-null + within-cap fast path. Env-var overrides retained.

CollapseAuditLogToCanonicalMigrationTests (new): three MSSQL-gated [SkippableFact]
tests verifying Action/Category/Outcome projection, NULL Actor, DetailsJson codec
round-trip, and all six persisted computed columns (Kind/Status/SourceSiteId/
ExecutionId/ParentExecutionId) for ApiOutbound, InboundAuthFailure, and Failed-
status rows.

AddAuditLogTableMigrationTests: rename CreatesFiveNamedIndexes →
CreatesNineNamedIndexes; expand coverage from 5 original indexes to all 9 named
non-clustered indexes present after CollapseAuditLogToCanonical (adds
IX_AuditLog_Execution, IX_AuditLog_ParentExecution, IX_AuditLog_Node_Occurred,
UX_AuditLog_EventId).

Dead-cref cleanup: zero references to the deleted IAuditPayloadFilter /
DefaultAuditPayloadFilter / SafeDefaultAuditPayloadFilter types remain in any
.cs file (source or test). 26 occurrences across 13 files replaced with correct
references to IAuditRedactor / ScadaBridgeAuditRedactor / SafeDefaultAuditRedactor
or reworded as plain prose.

Residual sweep: no unused transitional code found beyond the acknowledged
"C3 transitional shim" comments on IngestedAtUtc stamping (active code, not dead).

src/ZB.MOM.WW.ScadaBridge.AuditLog/Central/AuditLogIngestActor.cs

@@ -117,10 +117,10 @@ public class AuditLogIngestActor : ReceiveActor
         // Resolve the repository for the whole batch — one DbContext per
         // message, mirroring NotificationOutboxActor. The injected-repository
         // mode (Bundle D tests) skips the scope entirely.
-        // Bundle C (M5-T6): the IAuditPayloadFilter is also resolved from the
+        // Bundle C (M5-T6): the IAuditRedactor is also resolved from the
         // per-message scope when one is available so the row is truncated +
         // redacted before InsertIfNotExistsAsync. The single-repository test
-        // ctor has no service provider — it falls through with no filter,
+        // ctor has no service provider — it falls through with no redactor,
         // which preserves the small-payload assumptions baked into the
         // existing D2 fixtures.
         // AuditLog-003: use CreateAsyncScope + await using so scoped EF Core

src/ZB.MOM.WW.ScadaBridge.AuditLog/Central/CentralAuditRedactionFailureCounter.cs

@@ -5,10 +5,10 @@ namespace ZB.MOM.WW.ScadaBridge.AuditLog.Central;
 /// <summary>
 /// Audit Log (#23) M6 Bundle E (T9) — bridges
 /// <see cref="IAuditRedactionFailureCounter"/> (incremented by
-/// <see cref="DefaultAuditPayloadFilter"/> every time a header / body / SQL
-/// parameter redactor stage throws and the filter has to over-redact the
-/// offending field) into <see cref="AuditCentralHealthSnapshot"/> so the
-/// failure surfaces on the central health surface as
+/// <see cref="ZB.MOM.WW.ScadaBridge.AuditLog.Redaction.ScadaBridgeAuditRedactor"/> every time
+/// a header / body / SQL parameter redactor stage throws and the redactor has
+/// to over-redact the offending field) into <see cref="AuditCentralHealthSnapshot"/>
+/// so the failure surfaces on the central health surface as
 /// <c>AuditCentralHealthSnapshot.AuditRedactionFailure</c>.
 /// </summary>
 /// <remarks>

src/ZB.MOM.WW.ScadaBridge.AuditLog/Central/CentralAuditWriter.cs

@@ -82,11 +82,11 @@ public sealed class CentralAuditWriter : ICentralAuditWriter
         _services = services ?? throw new ArgumentNullException(nameof(services));
         _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         // AuditLog-008: never default to null — over-redact instead.
-        // C3 (Task 2.5): the canonical IAuditRedactor replaces the legacy
-        // IAuditPayloadFilter. SafeDefaultAuditRedactor applies HTTP header
-        // redaction with hard-coded sensitive defaults so a composition root
-        // that omits the real redactor still scrubs Authorization / X-Api-Key /
-        // Cookie / Set-Cookie before persistence.
+        // C3 (Task 2.5): wired via the canonical IAuditRedactor seam.
+        // SafeDefaultAuditRedactor applies HTTP header redaction with
+        // hard-coded sensitive defaults so a composition root that omits the
+        // real redactor still scrubs Authorization / X-Api-Key / Cookie /
+        // Set-Cookie before persistence.
         _redactor = redactor ?? SafeDefaultAuditRedactor.Instance;
         _failureCounter = failureCounter ?? new NoOpCentralAuditWriteFailureCounter();
         _nodeIdentity = nodeIdentity;