fix(server): wire PermissionTrieCache into AuthorizationGate for generation pinning

Core-002 fixed TriePermissionEvaluator to evaluate each request against
the session's bound AuthGenerationId rather than whatever the cache
currently holds. AuthorizationGate.BuildSessionState was not updated at
the same time: it hardcoded AuthGenerationId = 0, so the evaluator's
GetTrie(cluster, 0) call returned null for any generation != 0, causing
every gated operation to silently fail with NotGranted regardless of
actual grants. The 42 gate/matrix/deferred-hardening tests all started
failing as a result.

Fix: add an optional PermissionTrieCache parameter to AuthorizationGate;
BuildSessionState now stamps AuthGenerationId from the cache's current
generation for the session's cluster. AuthorizationBootstrap.BuildGateAsync
passes the cache it creates. All 7 test MakeGate helpers updated to pass
the cache so tests produce a valid AuthGenerationId. 433/433 server tests
now pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/Server/ZB.MOM.WW.OtOpcUa.Server.Tests/BrowseGatingTests.cs

@@ -141,7 +141,7 @@ public sealed class BrowseGatingTests
         var cache = new PermissionTrieCache();
         cache.Install(PermissionTrieBuilder.Build("c1", 1, rows));
         var evaluator = new TriePermissionEvaluator(cache);
-        return new AuthorizationGate(evaluator, strictMode: strict);
+        return new AuthorizationGate(evaluator, strictMode: strict, trieCache: cache);
     }
 
     private static IUserIdentity NewIdentity(string name, params string[] groups) => new FakeIdentity(name, groups);