Wire SDK for remote-TCP end to end; live-verify RemoteTcpIntegrated

Executes docs/plans/tcp-connection-validation.md. Full read-only SDK
surface now works against a remote AVEVA Historian over Net.TCP with
Windows transport authentication. 124/124 tests pass; the +10 new live
integration tests in RemoteTcpIntegrationTests.cs are gated by
HISTORIAN_REMOTE_TCP_HOST + HISTORIAN_REMOTE_TCP_TAG.

Two SDK bugs found while executing the plan:

1. Historian2020ProtocolDialect.ReadRawAsync / ReadAggregateAsync /
   ReadAtTimeAsync / ReadEventsAsync had explicit
   `if (_options.Transport != HistorianTransport.LocalPipe) return Missing<T>`
   guards. These were a guardrail from before the orchestrators handled
   TCP; the orchestrators have always used CreateBindingPair(options)
   which dispatches on transport correctly. Gates removed.

2. HistorianWcfStatusClient and HistorianWcfEventOrchestrator hardcoded
   HistorianWcfBindingFactory.CreatePipeEndpointAddress for the auxiliary
   services (Stat, Trx, Retr). Worked for LocalPipe; for TCP it produced
   an EndpointAddress with scheme net.pipe attached to a TCP binding
   (channel factory rejected the URI). Worse, when only the endpoint was
   transport-aware, the binding still requested a Windows-transport-
   security upgrade that the Stat endpoint over TCP doesn't support
   (auxiliaries don't repeat the auth — the Hist session is already
   authenticated). Added two helpers:
   - HistorianWcfBindingFactory.CreateAuxiliaryEndpointAddress(options, name)
     -> net.pipe for LocalPipe, net.tcp for remote
   - HistorianWcfBindingFactory.CreateAuxiliaryBinding(options)
     -> NamedPipe for LocalPipe, plain MdasNetTcpBinding for remote
   Both call sites updated.

Live verification against the remote (probed previously in prior
sessions; reachability re-confirmed today):
- ProbeAsync over RemoteTcpIntegrated and RemoteTcpCertificate
- ReadRawAsync (8 samples returned for SysTimeSec)
- ReadAggregateAsync (TimeWeightedAverage, 1-min cycle, 10-min window)
- ReadAtTimeAsync (3 timestamps)
- BrowseTagNamesAsync (finds the test tag)
- GetTagMetadataAsync (full metadata populated)
- ReadEventsAsync (chain runs without throwing)
- GetConnectionStatusAsync (ConnectedToServer=true)
- GetSystemParameterAsync (HistorianVersion="20,0,000,000")

The default 'NT SERVICE\aahClientAccessPoint' SPN turned out to work
for the remote too — discovery workstream A (SPN-finding) was not
needed in practice.

README and the TCP plan doc updated to reflect the executed status.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dohertj2
2026-05-04 07:33:50 -04:00
parent 1b31c24c8d
commit 6888b8c55a
7 changed files with 316 additions and 38 deletions
+10 -5
@@ -46,8 +46,10 @@ await foreach (HistorianSample sample in client.ReadRawAsync(
```
For a remote Historian over Net.TCP set `Transport = HistorianTransport.RemoteTcpIntegrated`
and `Host` to the server hostname. Remote-TCP plumbing exists but only `LocalPipe`
has live verification in this checkout.
and `Host` to the server hostname. Both `RemoteTcpIntegrated` (Windows transport
auth) and `RemoteTcpCertificate` (server-cert TLS) are now live-verified for
`ProbeAsync`; `RemoteTcpIntegrated` is additionally live-verified for the full
read / browse / metadata / event / status surface.
## Build & test
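Review bot: the replacement paragraph describes `RemoteTcpCertificate` as "server-cert TLS", but the only setup instruction in the section is still `Transport = HistorianTransport.RemoteTcpIntegrated` plus `Host`, so a reader choosing the certificate transport gets no guidance on what to configure or how the server certificate is validated. Suggest adding one sentence on the certificate transport's required options and its trust check, or a pointer to docs/plans/tcp-connection-validation.md. Also consider dropping "now" from "are now live-verified", which reads as a changelog entry rather than as README state.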
@@ -158,6 +160,9 @@ property dictionary → Retr.EndEventQuery → Hist.Close2
## Status
108 unit + live integration tests pass (`dotnet test --logger "console;verbosity=minimal"`).
Full read-only SDK surface verified end-to-end against a local Historian. Remote-TCP
transports and explicit-credentials path are wired but await live verification.
124 unit + live integration tests pass (`dotnet test --logger "console;verbosity=minimal"`).
Full read-only SDK surface verified end-to-end against both a local Historian
(`LocalPipe`) and a remote Historian (`RemoteTcpIntegrated` over Net.TCP with
Windows transport auth). `RemoteTcpCertificate` ProbeAsync is live-verified;
the other ops over the certificate transport plus the explicit-credentials
path await live verification.
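Review bot: "Full read-only SDK surface verified end-to-end" against the remote Historian in the Status paragraph is stronger than what the commit message records for events, where `ReadEventsAsync` is listed only as "chain runs without throwing"; suggest qualifying the event path here. The "124 unit + live integration tests pass" figure also needs a qualifier: the remote tests are gated by `HISTORIAN_REMOTE_TCP_HOST` and `HISTORIAN_REMOTE_TCP_TAG`, and the line does not say what a run without those variables reports. In addition, 108 to 124 is 16 tests, while the commit message accounts for 10 new ones.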