feat(auth)!: ScadaBridge retire SQL Server ApiKey entity + ApprovedApiKeyIds + legacy hashing; EF migration RetireInboundApiKeyStore; re-issue runbook + CHANGELOG (re-arch C5/E) — BREAKING: X-API-Key -> Bearer sbk_, keys re-issued

src/ZB.MOM.WW.ScadaBridge.Host/Program.cs

@@ -118,14 +118,14 @@ try
         builder.Services.AddCentralUI();
         builder.Services.AddInboundAPI();
 
-        // Inbound-API auth re-arch (A+B), additive: stand up the shared
-        // ZB.MOM.WW.Auth.ApiKeys verifier + SQLite store + startup migration
-        // ALONGSIDE the legacy peppered-HMAC X-API-Key path. The POST
-        // /api/{methodName} endpoint now authenticates Bearer tokens
-        // (sbk_<keyId>_<secret>) and authorizes by scope == method name through
-        // this verifier. The legacy ApiKeyValidator/IApiKeyHasher remain
-        // registered (unused by the endpoint) until a later sub-task retires the
-        // SQL Server ApiKey entity.
+        // Inbound-API auth re-arch: the shared ZB.MOM.WW.Auth.ApiKeys verifier +
+        // SQLite store + startup migration are now the SOLE inbound-API auth path.
+        // The POST /api/{methodName} endpoint authenticates Bearer tokens
+        // (sbk_<keyId>_<secret>) and authorizes by scope == method name through this
+        // verifier. The legacy peppered-HMAC X-API-Key path — the SQL Server ApiKey
+        // entity, ApiKeyValidator, and IApiKeyHasher — was retired in re-arch C5; the
+        // ScadaBridge:InboundApi:ApiKeyPepper config key is now consumed only as the
+        // library verifier's pepper secret (PepperSecretName below).
         //
         // ApiKeyOptions is an init-only record, so the contract-mandated values
         // are injected as in-memory configuration UNDER the bound section path