fix(auth): C4 review polish — document backward-compat JSON tolerance, shared BundleJsonOptions, PreviewAsync legacy-bundle test, doc fix (review I-2/I-3/M-1/M-2; I-1 intentionally skipped)

src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs

@@ -1,7 +1,6 @@
 using System.IO.Compression;
 using System.Security.Cryptography;
 using System.Text.Json;
-using System.Text.Json.Serialization;
 using Microsoft.Extensions.Options;
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.ExternalSystems;
 using ZB.MOM.WW.ScadaBridge.Commons.Entities.InboundApi;
@@ -45,12 +44,14 @@ namespace ZB.MOM.WW.ScadaBridge.Transport.Import;
 /// </summary>
 public sealed class BundleImporter : IBundleImporter
 {
-    private static readonly JsonSerializerOptions ContentJsonOptions = new()
-    {
-        WriteIndented = false,
-        DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
-        Converters = { new JsonStringEnumConverter() },
-    };
+    // All bundle content deserialization goes through BundleJsonOptions.Default.
+    // IMPORTANT — unknown JSON properties must remain ALLOWED (the default
+    // JsonUnmappedMemberHandling.Skip). Pre-C4 bundles may carry a top-level
+    // "apiKeys" array and/or "ApprovedApiKeyIds" inside "apiMethods[]" entries.
+    // Setting JsonUnmappedMemberHandling.Disallow here would cause those bundles
+    // to fail deserialization, breaking backward-compat. This tolerance is
+    // load-bearing and must not be changed. (Fix I-2)
+    private static readonly JsonSerializerOptions ContentJsonOptions = BundleJsonOptions.Default;
 
     private readonly BundleSerializer _bundleSerializer;
     private readonly ManifestValidator _manifestValidator;