fix(audit): M5.3 review I-1 — use the request-start options snapshot for header redaction (no mid-request reload split)

src/ZB.MOM.WW.ScadaBridge.InboundAPI/Middleware/AuditWriteMiddleware.cs

@@ -234,6 +234,7 @@ public sealed class AuditWriteMiddleware
 
             EmitInboundAudit(
                 ctx,
+                opts,
                 sw.ElapsedMilliseconds,
                 thrown,
                 requestBody,
@@ -251,6 +252,7 @@ public sealed class AuditWriteMiddleware
     /// </summary>
     private void EmitInboundAudit(
         HttpContext ctx,
+        AuditLogOptions opts,
         long durationMs,
         Exception? thrown,
         string? requestBody,
@@ -289,10 +291,13 @@ public sealed class AuditWriteMiddleware
             // collection is run through the SAME header-redaction list
             // (AuditLogOptions.HeaderRedactList) that the ScadaBridgeAuditRedactor
             // applies to RequestSummary / ResponseSummary — auth/sensitive
-            // headers are redacted before they land in the row.
+            // headers are redacted before they land in the row. Uses the SAME
-            var currentOpts = _options.CurrentValue;
+            // options snapshot captured at request start (passed in as opts) as
+            // the SkipBodyCapture / PerTargetOverrides decisions, so a mid-request
+            // live-reload can't split the body-capture and header-redaction
+            // verdicts across two different snapshots.
             var redactSet = new HashSet<string>(
-                currentOpts.HeaderRedactList,
+                opts.HeaderRedactList,
                 StringComparer.OrdinalIgnoreCase);
 
             var headerDict = new Dictionary<string, string>(StringComparer.Ordinal);