fix(scripting): resolve Medium code-review finding (Core.Scripting-004)

DependencyExtractor.VisitInvocationExpression now additionally checks
that the member-access receiver is the identifier "ctx" before treating
a GetTag / SetVirtualTag call as a ScriptContext dependency. This
prevents spurious dependencies when a script defines a local helper type
with a matching method name and calls it as other.GetTag("X"). Test
Ignores_member_access_GetTag_on_non_ctx_receiver added.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests/DependencyExtractorTests.cs

@@ -133,7 +133,7 @@ public sealed class DependencyExtractorTests
     }
 
     [Fact]
-    public void Ignores_non_ctx_method_named_GetTag()
+    public void Ignores_non_ctx_method_named_GetTag_free_function()
     {
         // Scripts are free to define their own helper called "GetTag" — as long as it's
         // not on the ctx instance, the extractor doesn't pick it up. The sandbox
@@ -147,6 +147,24 @@ public sealed class DependencyExtractorTests
         result.Reads.ShouldBeEmpty();
     }
 
+    [Fact]
+    public void Ignores_member_access_GetTag_on_non_ctx_receiver()
+    {
+        // A member-access call to GetTag on a non-ctx identifier must NOT be treated as
+        // a ScriptContext dependency. The old walker accepted any receiver; the fix
+        // requires the receiver to be the identifier "ctx". (Core.Scripting-004.)
+        var result = DependencyExtractor.Extract(
+            """
+            class Helper { public object GetTag(string p) => p; }
+            var h = new Helper();
+            var v = h.GetTag("X");
+            return ctx.GetTag("RealTag").Value;
+            """);
+        result.IsValid.ShouldBeTrue();
+        result.Reads.ShouldContain("RealTag");
+        result.Reads.ShouldNotContain("X");
+    }
+
     [Fact]
     public void Empty_source_is_a_no_op()
     {