fix(auth): C1 review polish — guard name at seam, document seam contract (throws/O(n)), explicit cookie test (review #1/#2/#3/#5/#8)

tests/ZB.MOM.WW.ScadaBridge.Security.Tests/SecurityTests.cs

@@ -443,6 +443,9 @@ public class SecurityReviewRegressionTests
         services.AddLogging();
         services.AddDataProtection();
         services.AddSecurity();
+        // Explicitly set RequireHttpsCookie=true so the test asserts SecurePolicy.Always
+        // without relying on the SecurityOptions default value.
+        services.Configure<SecurityOptions>(o => o.RequireHttpsCookie = true);
 
         using var provider = services.BuildServiceProvider();
         var cookieOptions = provider