fix(high-severity): close 9 of 10 open High findings across 8 modules

Comm-016: delete dead HandleConnectionStateChanged + _debugSubscriptions /
_inProgressDeployments tracking + ConnectionStateChanged message record.
Disconnect detection is owned by the transport layers (gRPC keepalive PING
~25s; Ask-timeout at CommunicationService). Updates the
Component-Communication.md design doc to make that explicit.

SnF-018: NotificationForwarder.DeliverAsync now discards a corrupt buffered
payload (Warning log + return true) instead of returning false and parking
the row — honoring the design's "notifications do not park" invariant.

DM-018: reconciliation no longer force-sets Enabled, preserving an
intentional Disabled state after central failover.

ESG-018: DeliverBufferedAsync (both ExternalSystemClient + DatabaseGateway)
catches JsonException and returns false, turning a corrupt buffered row
into a parked operation instead of a retry-forever poison message.

InboundAPI-022: register ActiveNodeGate as IActiveNodeGate in the Central
DI branch so standby-node gating is actually wired up in production.

NS-019: remove orphaned NotificationDeliveryService /
INotificationDeliveryService / NotificationResult; central notification
delivery now lives entirely in NotificationOutbox.

SEL-016: normalise From/To filters to UTC before ISO-string compare so
non-UTC DateTimeOffset clients no longer get spuriously excluded events.

TE-017: include Description on attributes/alarms and a HashableConnections
projection (protocol, endpoint JSON, failover count) in the revision hash
and DiffService; staleness detection now catches description-only and
connection-endpoint edits.

Transport-001 and Transport-002 (also High) remain Open — they're being
handled in a follow-up batch because both touch BundleImporter.cs and
must serialise.

tests/ScadaLink.StoreAndForward.Tests/NotificationForwarderTests.cs

@@ -197,4 +197,58 @@ public class NotificationForwarderTests : TestKit
         Assert.Equal(submit1.NotificationId, submit2.NotificationId);
         Assert.Equal("stable-msg-id", submit1.NotificationId);
     }
+
+    [Fact]
+    public async Task Deliver_CorruptJsonPayload_ReturnsTrue_AndDoesNotForwardAnything()
+    {
+        // Regression test for StoreAndForward-018. The design doc forbids parking
+        // notifications ("notifications do not park — they are retried at the fixed
+        // forward interval until central acks"; Component-StoreAndForward.md). The
+        // previous implementation returned false on a corrupt payload, which the S&F
+        // engine interprets as a permanent failure and parks the row — contradicting
+        // the invariant. The fix: discard a corrupt buffered notification by
+        // returning true (engine clears the buffer via its normal success path),
+        // with a Warning log line carrying the row id and a payload preview.
+        var centralProbe = CreateTestProbe();
+        var forwarder = new NotificationForwarder(
+            centralProbe.Ref, "site-7", ForwardTimeout);
+
+        var corrupt = new StoreAndForwardMessage
+        {
+            Id = "msg-corrupt",
+            Category = StoreAndForwardCategory.Notification,
+            Target = "Operators",
+            PayloadJson = "{not-valid-json",
+            OriginInstanceName = "Plant.Pump3",
+        };
+
+        Assert.True(await forwarder.DeliverAsync(corrupt));
+
+        // The corrupt-payload path must NOT round-trip to central — no
+        // NotificationSubmit / no Ask. ExpectNoMsg confirms nothing was forwarded.
+        centralProbe.ExpectNoMsg(TimeSpan.FromMilliseconds(200));
+    }
+
+    [Fact]
+    public async Task Deliver_NullDeserializedPayload_ReturnsTrue_AndDoesNotForwardAnything()
+    {
+        // The companion case to corrupt JSON: the payload is valid JSON but
+        // deserialises to null (e.g. "null"). Same treatment per StoreAndForward-018
+        // — discard rather than park.
+        var centralProbe = CreateTestProbe();
+        var forwarder = new NotificationForwarder(
+            centralProbe.Ref, "site-7", ForwardTimeout);
+
+        var nullPayload = new StoreAndForwardMessage
+        {
+            Id = "msg-null",
+            Category = StoreAndForwardCategory.Notification,
+            Target = "Operators",
+            PayloadJson = "null",
+            OriginInstanceName = "Plant.Pump3",
+        };
+
+        Assert.True(await forwarder.DeliverAsync(nullPayload));
+        centralProbe.ExpectNoMsg(TimeSpan.FromMilliseconds(200));
+    }
 }