Add configurable transport security profiles and bind address

Adds Security section to appsettings.json with configurable OPC UA
transport profiles (None, Basic256Sha256-Sign, Basic256Sha256-SignAndEncrypt),
certificate policy settings, and a configurable BindAddress for the
OPC UA endpoint. Defaults preserve backward compatibility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tests/ZB.MOM.WW.LmxOpcUa.Tests/Security/SecurityProfileConfigurationTests.cs

@@ -0,0 +1,52 @@
+using Shouldly;
+using Xunit;
+using ZB.MOM.WW.LmxOpcUa.Host.Configuration;
+
+namespace ZB.MOM.WW.LmxOpcUa.Tests.Security
+{
+    public class SecurityProfileConfigurationTests
+    {
+        [Fact]
+        public void DefaultConfig_HasNoneProfile()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.Profiles.ShouldContain("None");
+            config.Profiles.Count.ShouldBe(1);
+        }
+
+        [Fact]
+        public void DefaultConfig_AutoAcceptTrue()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.AutoAcceptClientCertificates.ShouldBe(true);
+        }
+
+        [Fact]
+        public void DefaultConfig_RejectSha1True()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.RejectSHA1Certificates.ShouldBe(true);
+        }
+
+        [Fact]
+        public void DefaultConfig_MinKeySize2048()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.MinimumCertificateKeySize.ShouldBe(2048);
+        }
+
+        [Fact]
+        public void DefaultConfig_PkiRootPathNull()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.PkiRootPath.ShouldBeNull();
+        }
+
+        [Fact]
+        public void DefaultConfig_CertificateSubjectNull()
+        {
+            var config = new SecurityProfileConfiguration();
+            config.CertificateSubject.ShouldBeNull();
+        }
+    }
+}