chore(auth): ScadaBridge unify dev LDAP base DN to dc=zb,dc=local (Task 1.6)

Replace dc=scadabridge,dc=local with dc=zb,dc=local in all dev/test LDAP
references — app config, docker test-cluster node configs (docker/ and
docker-env2/), GLAuth fixture, dev tooling, Host.Tests fixtures,
IntegrationTests factory, and operational test_infra docs. OU structure
(ou=SCADA-Admins,ou=users,etc.) preserved throughout. Email domains
(@scadabridge.local), hostnames, and container names are untouched.
Historical plan docs (2026-05-24-second-environment.md,
2026-05-31-folder-repo-rename-scadabridge-design.md) excluded as
point-in-time records. No synthetic dc=example,dc=com placeholders touched.

tests/ZB.MOM.WW.ScadaBridge.Host.Tests/ActorPathTests.cs

@@ -57,8 +57,8 @@ public class CentralActorPathTests : IAsyncLifetime
                         ["ScadaBridge:Security:Ldap:Port"] = "3893",
                         ["ScadaBridge:Security:Ldap:Transport"] = "None",
                         ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
-                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
-                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
                     });
                 });
                 builder.UseSetting("ScadaBridge:Node:Role", "Central");

tests/ZB.MOM.WW.ScadaBridge.Host.Tests/AkkaHostedServiceAuditWiringTests.cs

@@ -121,8 +121,8 @@ public class CentralAuditWiringTests : IDisposable
                         ["ScadaBridge:Security:Ldap:Port"] = "3893",
                         ["ScadaBridge:Security:Ldap:Transport"] = "None",
                         ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
-                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
-                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
                         ["ScadaBridge:InboundApi:ApiKeyPepper"] = "test-inbound-api-key-pepper-at-least-32-chars!",
                     });
                 });

tests/ZB.MOM.WW.ScadaBridge.Host.Tests/CompositionRootTests.cs

@@ -116,8 +116,8 @@ public class CentralCompositionRootTests : IDisposable
                         ["ScadaBridge:Security:Ldap:Port"] = "3893",
                         ["ScadaBridge:Security:Ldap:Transport"] = "None",
                         ["ScadaBridge:Security:Ldap:AllowInsecure"] = "true",
-                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=scadabridge,dc=local",
-                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=scadabridge,dc=local",
+                        ["ScadaBridge:Security:Ldap:SearchBase"] = "dc=zb,dc=local",
+                        ["ScadaBridge:Security:Ldap:ServiceAccountDn"] = "cn=admin,dc=zb,dc=local",
                         // Auth re-arch (C5): inbound-API keys live in the shared
                         // ZB.MOM.WW.Auth.ApiKeys SQLite store. The verifier reuses
                         // this same config key as its pepper secret (PepperSecretName),

tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/AuthFlowTests.cs

@@ -107,7 +107,7 @@ public class AuthFlowTests : IClassFixture<ScadaBridgeWebApplicationFactory>
     public async Task LoginEndpoint_WithValidLdapCredentials_SetsCookieAndRedirects()
     {
         // Requires GLAuth test LDAP server: docker compose -f infra/docker-compose.yml up -d glauth
-        // GLAuth runs on localhost:3893, baseDN dc=scadabridge,dc=local, all passwords "password"
+        // GLAuth runs on localhost:3893, baseDN dc=zb,dc=local, all passwords "password"
         if (!await IsLdapAvailableAsync())
         {
             // Skip gracefully if GLAuth not running — not a test failure

tests/ZB.MOM.WW.ScadaBridge.IntegrationTests/ScadaBridgeWebApplicationFactory.cs

@@ -45,11 +45,11 @@ public class ScadaBridgeWebApplicationFactory : WebApplicationFactory<Program>
             ["ScadaBridge__Security__Ldap__Port"] = "3893",
             ["ScadaBridge__Security__Ldap__Transport"] = "None",
             ["ScadaBridge__Security__Ldap__AllowInsecure"] = "true",
-            ["ScadaBridge__Security__Ldap__SearchBase"] = "dc=scadabridge,dc=local",
+            ["ScadaBridge__Security__Ldap__SearchBase"] = "dc=zb,dc=local",
             // GLAuth places users at cn=<name>,ou=<group>,ou=users,dc=... — a service
             // account is configured to enable the shared service's search-then-bind:
             // resolve the user's real DN by (UserNameAttribute=<name>) lookup, then bind it.
-            ["ScadaBridge__Security__Ldap__ServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=scadabridge,dc=local",
+            ["ScadaBridge__Security__Ldap__ServiceAccountDn"] = "cn=admin,ou=SCADA-Admins,ou=users,dc=zb,dc=local",
             ["ScadaBridge__Security__Ldap__ServiceAccountPassword"] = "password",
         };