fix(security): resolve Security-009,010,011 — LDAP connection timeout, design-doc correction, security-path test coverage; Security-008 deferred

src/ScadaLink.Security/SecurityOptions.cs

@@ -65,6 +65,16 @@ public class SecurityOptions
     /// </summary>
     public string LdapGroupAttribute { get; set; } = "memberOf";
 
+    /// <summary>
+    /// Network timeout, in milliseconds, applied to the LDAP socket connect and to
+    /// LDAP operations (bind/search). The synchronous Novell LDAP calls are wrapped
+    /// in <c>Task.Run</c>, where the <c>CancellationToken</c> only guards work-item
+    /// scheduling — it cannot interrupt an in-progress blocking call. This timeout is
+    /// the real safeguard: it bounds how long a hung LDAP server can pin a thread-pool
+    /// thread (Security-009). Default 10 seconds.
+    /// </summary>
+    public int LdapConnectionTimeoutMs { get; set; } = 10_000;
+
     /// <summary>
     /// Symmetric HMAC-SHA256 signing key for cookie-embedded JWTs. Must be at least
     /// 32 bytes (256 bits) — validated at <see cref="JwtTokenService"/> construction.