refactor(adminui): explicit ClaimTypes.Role footer filter; fix stale NavSidebar comment

src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Layout/MainLayout.razor

@@ -1,5 +1,5 @@
 @inherits LayoutComponentBase
-@using Microsoft.AspNetCore.Components.Routing
+@using System.Security.Claims
 
 @* Thin delegation to the shared ZB.MOM.WW.Theme side-rail chassis. ThemeShell owns
    the brand bar, the CSS-only narrow-viewport hamburger, and the responsive collapse,
@@ -38,7 +38,7 @@
                 <a class="rail-user" href="/account">@context.User.Identity?.Name</a>
                 <div class="rail-roles">
                     @string.Join(", ", context.User.Claims
-                        .Where(c => c.Type.EndsWith("/role")).Select(c => c.Value))
+                        .Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value))
                 </div>
                 <form method="post" action="/auth/logout">
                     <AntiforgeryToken />

src/Server/ZB.MOM.WW.OtOpcUa.Host/Program.cs

@@ -147,7 +147,7 @@ if (hasAdmin)
     // registered". Idempotent on fused admin,driver nodes (TryAddEnumerable de-dups).
     builder.Services.AddOtOpcUaDriverProbes();
     // Flow AuthenticationState through cascading parameters so <AuthorizeView/> works
-    // inside interactive components (NavSidebar's session block).
+    // in the static MainLayout footer and other components (e.g. Account.razor, Routes.razor).
     builder.Services.AddCascadingAuthenticationState();
     builder.Services.AddSignalR();
     builder.Services.AddOtOpcUaAdminClients();