fix(api-surface): close Theme 9 — 27 naming / dead-code / config / hygiene findings

The largest themed batch — small mechanical fixes across 11 modules.

API / message hygiene:
- Comm-020: SiteAddressCacheLoaded now carries IReadOnlyDictionary /
  IReadOnlyList — Akka messages must be immutable.
- Commons-016: BundleSession.MaxUnlockAttempts named constant replaces
  magic 3.
- Commons-018: IOperationTrackingStore + IPartitionMaintenance moved from
  Interfaces/ root to Interfaces/Services/ (namespace preserved — 9
  consumers exceeded the in-prompt move threshold).
- Commons-023: TrackingStatusSnapshot.SourceNode now consistent with the
  trailing-optional-with-default pattern used elsewhere.
- SR-022: AuditingDbCommand.DbConnection.set no longer uses reflection —
  exposes AuditingDbConnection.Inner via internal API surface.

Dead code / config cleanup:
- ClusterInfra-011: decorative SectionName constant deleted.
- ClusterInfra-014: dead AddClusterInfrastructureActors method + its
  "throws-when-called" test deleted.
- Host-021: Microsoft Logging:LogLevel block deleted from appsettings.json
  (dead under Serilog).

Fail-loud over fail-silent:
- DM-021: ResolveSiteIdentifierAsync throws on missing site (was silently
  substituting a DB id).
- DM-022: dropped transient Pending write — record now lands directly in
  InProgress (no UI flicker, one fewer DB write).
- Host-020: LoggerConfigurationFactory emits a Console.Error warning when
  both Serilog:MinimumLevel and ScadaLink:Logging:MinimumLevel are set
  (ScadaLink remains truth per Host-011).
- SnF-022: NotifyCachedCallObserverAsync logs Warning on unparseable
  TrackedOperationId (was silently dropping).
- SnF-023: empty siteId default replaced with $unknown-site sentinel
  + constructor normalisation.

Correctness:
- SCA-001: SupervisorStrategy XML rewritten to match actual
  DefaultDecider/Restart semantics (was claiming Resume).
- SCA-003: OnUpsertAsync now restamps IngestedAtUtc on every upsert.
- SR-021: HandleDeployArtifacts now dispatches an internal
  ApplyArtifactDataConnectionsToDcl message after the SQLite write so
  system-wide artifact-deploy data-connection changes go live
  immediately (was requiring a site restart).
- SnF-020: RetryParkedMessageAsync captures the parked row BEFORE the
  local write so a concurrent delete can't skip standby replication.

Sentinels / naming collisions:
- HM-021: CentralSiteId changed from "central" to "$central"
  (uncollideable — leading $ is forbidden in real SiteIdentifiers).

Doc / surface cleanups:
- SEL-018: FailedWriteCount promoted to ISiteEventLogger; XML softened
  to "Available for future Health Monitoring integration".
- SnF-019: VERIFY outcome — documented parking-after-DefaultMaxRetries
  in Component-StoreAndForward.md + DefaultMaxRetries XML (uniform
  cap; maxRetries:0 is the unbounded escape hatch).
- SnF-021: Component-StoreAndForward.md no longer claims the tracking
  table lives in SnF — it's in SiteRuntime, the interface is in Commons.
- CLI-020: bundle export response parse guarded with try/catch on
  JsonException / KeyNotFoundException / FormatException — emits a
  clean INVALID_RESPONSE exit instead of a stack trace.

Config:
- ClusterInfra-013: intent comment added to "catastrophic config" test.
- Host-016: appsettings.Site.json second CentralContactPoints entry
  removed (was pointing at the SITE's own port); doc-key explains how
  to extend.
- Host-018: NodeName added to both shipped per-role configs (was
  causing SourceNode to be null on audit rows).

UI:
- CentralUI-029: replaced JS.InvokeAsync<int>("eval", …) with an ES
  module import (new wwwroot/js/browser-time.js).
- CentralUI-032: AuditResultsGrid gains a Previous button backed by a
  cursor stack.

10+ new regression tests across the affected projects. Build clean;
all suites green. README regenerated: 6 open (was 33).

Session-to-date: 130 of 136 originally-open Theme findings closed.

tests/ScadaLink.ClusterInfrastructure.Tests/ClusterOptionsTests.cs

@@ -35,17 +35,26 @@ public class ClusterOptionsTests
         Assert.Empty(options.SeedNodes);
     }
 
-    [Fact]
-    public void SectionName_IsTheExpectedAppSettingsSection()
-    {
-        // CI-005: ClusterOptions must expose a single-source-of-truth constant for
-        // its appsettings.json section so binding sites do not hard-code the string.
-        Assert.Equal("ScadaLink:Cluster", ClusterOptions.SectionName);
-    }
+    // ClusterInfra-011: SectionName constant deleted — the previous test
+    // `SectionName_IsTheExpectedAppSettingsSection` is removed alongside it.
+    // The Host's SiteServiceRegistration / StartupValidator continue to
+    // reference the `"ScadaLink:Cluster"` literal directly; reinstating the
+    // constant should happen when those Host binding sites can be updated in
+    // the same change.
 
     [Fact]
     public void Properties_CanBeSetToCustomValues()
     {
+        // ClusterInfra-013: this test exercises the POCO property setters only —
+        // `SplitBrainResolverStrategy = "keep-majority"` and `MinNrOfMembers = 2`
+        // are values the design doc explicitly forbids in production
+        // (`keep-majority` causes total shutdown on a two-node partition;
+        // `MinNrOfMembers = 2` blocks the cluster singleton after failover).
+        // The POCO accepts any value by design; rejection lives in
+        // `ClusterOptionsValidator` and is covered by
+        // `ClusterOptionsValidatorTests.UnsupportedSplitBrainStrategy_FailsValidation`
+        // and `ClusterOptionsValidatorTests.MinNrOfMembers_NotOne_FailsValidation`.
+        // Do NOT read these values as endorsed runtime configuration.
         var options = new ClusterOptions
         {
             SeedNodes = new List<string> { "akka.tcp://system@node1:2551", "akka.tcp://system@node2:2551" },

tests/ScadaLink.ClusterInfrastructure.Tests/ServiceCollectionExtensionsTests.cs

@@ -4,11 +4,11 @@ using Microsoft.Extensions.Options;
 namespace ScadaLink.ClusterInfrastructure.Tests;
 
 /// <summary>
-/// CI-002: Tests that the DI extension methods do real work rather than
-/// silently returning success. <see cref="ServiceCollectionExtensions.AddClusterInfrastructure"/>
-/// must register the <see cref="ClusterOptionsValidator"/> so misconfiguration
-/// fails fast, and the unimplemented actor-registration placeholder must fail
-/// loudly rather than masquerade as a completed registration.
+/// CI-002: Tests that <see cref="ServiceCollectionExtensions.AddClusterInfrastructure"/>
+/// does real work rather than silently returning success — it must register
+/// the <see cref="ClusterOptionsValidator"/> so misconfiguration fails fast.
+/// (The companion actor-registration test was removed alongside the deleted
+/// `AddClusterInfrastructureActors` extension method — see ClusterInfra-014.)
 /// </summary>
 public class ServiceCollectionExtensionsTests
 {
@@ -48,11 +48,10 @@ public class ServiceCollectionExtensionsTests
         Assert.Contains("MinNrOfMembers", ex.Message);
     }
 
-    [Fact]
-    public void AddClusterInfrastructureActors_ThrowsRatherThanSilentlySucceeding()
-    {
-        var services = new ServiceCollection();
-
-        Assert.Throws<NotImplementedException>(() => services.AddClusterInfrastructureActors());
-    }
+    // ClusterInfra-014: `AddClusterInfrastructureActors_ThrowsRatherThanSilentlySucceeding`
+    // was removed alongside the now-deleted `AddClusterInfrastructureActors`
+    // extension method. The Akka.NET actor wiring legitimately lives in
+    // `ScadaLink.Host` (AkkaHostedService) per the
+    // Component-ClusterInfrastructure.md "Implementation Note — Code Placement"
+    // section; this project no longer exposes an actor-registration extension.
 }