docs: complete XML doc coverage (returns, summaries, inheritdoc)

Resolve all 622 issues flagged by the enhanced CommentChecker: add missing
<returns> tags (incl. the standard phrasing on non-generic Task methods),
add missing <summary> tags, and replace misused/redundant <inheritdoc/> on
members that override or implement nothing with real documentation.
Documentation-only — no behavior change; solution builds clean.

src/ZB.MOM.WW.ScadaBridge.ManagementService/AuditEndpoints.cs

@@ -89,6 +89,7 @@ public static class AuditEndpoints
     /// Registers the <c>/api/audit/query</c> and <c>/api/audit/export</c> minimal-API endpoints.
     /// </summary>
     /// <param name="endpoints">The endpoint route builder to register routes on.</param>
+    /// <returns>The same <paramref name="endpoints"/> builder, for chaining.</returns>
     public static IEndpointRouteBuilder MapAuditAPI(this IEndpointRouteBuilder endpoints)
     {
         endpoints.MapGet("/api/audit/query", (Delegate)HandleQuery);
@@ -104,6 +105,7 @@ public static class AuditEndpoints
     /// Handles <c>GET /api/audit/query</c>: authenticates, checks the OperationalAudit permission, and returns a keyset-paged JSON result.
     /// </summary>
     /// <param name="context">The HTTP context for the current request.</param>
+    /// <returns>A task that resolves to the HTTP result (200 JSON page, 401, or 403).</returns>
     internal static async Task<IResult> HandleQuery(HttpContext context)
     {
         var auth = await AuthenticateAsync(context);
@@ -163,6 +165,7 @@ public static class AuditEndpoints
     /// Handles <c>GET /api/audit/export</c>: authenticates, checks the AuditExport permission, and streams the matching rows as CSV or JSONL.
     /// </summary>
     /// <param name="context">The HTTP context for the current request.</param>
+    /// <returns>A task that resolves to the HTTP result (streaming CSV/JSONL, 400, 401, 403, or 501).</returns>
     internal static async Task<IResult> HandleExport(HttpContext context)
     {
         var auth = await AuthenticateAsync(context);
@@ -401,6 +404,8 @@ public static class AuditEndpoints
     /// with the permitted set) returns <c>null</c> so the caller gets a 403 rather
     /// than silently empty results.
     /// </summary>
+    /// <param name="filter">The caller-supplied audit-log query filter to scope.</param>
+    /// <param name="user">The authenticated user whose permitted site IDs constrain the filter.</param>
     /// <returns>
     /// The restricted filter, or <c>null</c> if the caller explicitly asked for
     /// sites entirely outside their permitted set.
@@ -455,6 +460,7 @@ public static class AuditEndpoints
     /// builder — so do NOT "fix" the two to a single key name.
     /// </remarks>
     /// <param name="query">The HTTP query string collection to parse filter parameters from.</param>
+    /// <returns>An <see cref="AuditLogQueryFilter"/> built from the supplied query parameters.</returns>
     public static AuditLogQueryFilter ParseFilter(IQueryCollection query)
     {
         var channels = AuditQueryParamParsers.ParseEnumList<AuditChannel>(query["channel"]);
@@ -506,6 +512,7 @@ public static class AuditEndpoints
     /// keyset cursor requires the pair together).
     /// </summary>
     /// <param name="query">The HTTP query string collection to parse paging parameters from.</param>
+    /// <returns>An <see cref="AuditLogPaging"/> built from the supplied query parameters.</returns>
     public static AuditLogPaging ParsePaging(IQueryCollection query)
     {
         int pageSize = DefaultPageSize;
@@ -576,6 +583,7 @@ public static class AuditEndpoints
     /// Formats a single <see cref="AuditEvent"/> as an RFC 4180 CSV row matching <see cref="CsvHeader"/>.
     /// </summary>
     /// <param name="evt">The audit event to format.</param>
+    /// <returns>An RFC 4180 CSV row string (no trailing newline) for the supplied event.</returns>
     public static string FormatCsvRow(AuditExportRow evt)
     {
         var sb = new StringBuilder(256);