chore(security): drop dead audit suppressions; patch OpenTelemetry + Tmds.DBus CVEs

All five suppressed advisories are now resolved at baseline/resolved versions,
so every NuGetAuditSuppress is removed repo-wide:
- System.Security.Cryptography.Xml (GHSA-37gx-xxp4-5rgx / GHSA-w3x6-4m5h-cxqf)
  -> fixed by the .NET 10 baseline (10.0.6)
- OPCFoundation Opc.Ua.Core (GHSA-h958-fxgg-g7w3) -> fixed at resolved 1.5.378.106

Two were still live and are now patched via direct security pins:
- OpenTelemetry.Api 1.9.0 -> 1.15.3 (GHSA-g94r-2vxg-569j) pinned in Cluster;
  Runtime/ControlPlane/AdminUI + tests inherit via project reference
- Tmds.DBus.Protocol 0.20.0 -> 0.21.3 (GHSA-xrw6-gwf8-vvr9) pinned in Client.UI

Also correct the Historian sidecar runtime comments (x86 -> x64, matching the
csproj PlatformTarget). Solution audit: 0 vulnerable packages; full build clean.

src/Core/ZB.MOM.WW.OtOpcUa.Cluster/ZB.MOM.WW.OtOpcUa.Cluster.csproj

@@ -15,6 +15,17 @@
         <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions"/>
     </ItemGroup>
 
+    <ItemGroup>
+        <!-- Security pin: OpenTelemetry.Api is pulled transitively at 1.9.0, which carries
+             GHSA-g94r-2vxg-569j (header-parse memory DoS, Moderate). Force the patched 1.15.3
+             (the meta + ProviderBuilderExtensions move in lockstep). Pinning on this low-level
+             project lifts the whole server stack — Runtime / ControlPlane / AdminUI and their
+             test projects inherit 1.15.3 via project reference (highest-version-wins). -->
+        <PackageReference Include="OpenTelemetry"/>
+        <PackageReference Include="OpenTelemetry.Api"/>
+        <PackageReference Include="OpenTelemetry.Api.ProviderBuilderExtensions"/>
+    </ItemGroup>
+
     <ItemGroup>
         <ProjectReference Include="..\ZB.MOM.WW.OtOpcUa.Commons\ZB.MOM.WW.OtOpcUa.Commons.csproj"/>
     </ItemGroup>
@@ -23,10 +34,4 @@
         <EmbeddedResource Include="Resources\akka.conf"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <!-- OpenTelemetry.Api 1.9.0 reaches this project transitively from Akka.Cluster.Hosting.
-             Bump arrives when Akka updates its OTel dependency; tracked separately. -->
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-g94r-2vxg-569j"/>
-    </ItemGroup>
-
 </Project>

src/Core/ZB.MOM.WW.OtOpcUa.Configuration/ZB.MOM.WW.OtOpcUa.Configuration.csproj

@@ -25,18 +25,6 @@
         <PackageReference Include="Polly.Core"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <!--
-            System.Security.Cryptography.Xml reaches this project transitively from
-            Microsoft.EntityFrameworkCore.Design → Microsoft.Build.Tasks.Core. EF Core Design is
-            marked PrivateAssets=all (design-time only, never shipped at runtime), and we do not
-            use XML digital signatures. Fix is only available in 11.0.0-preview. Suppress the two
-            advisories until a stable 11.x is released or the transitive chain is updated.
-        -->
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
     <ItemGroup>
         <ProjectReference Include="..\ZB.MOM.WW.OtOpcUa.Core.Abstractions\ZB.MOM.WW.OtOpcUa.Core.Abstractions.csproj"/>
     </ItemGroup>

src/Core/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian/ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian.csproj

@@ -24,9 +24,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Core.AlarmHistorian.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Core/ZB.MOM.WW.OtOpcUa.Core.ScriptedAlarms/ZB.MOM.WW.OtOpcUa.Core.ScriptedAlarms.csproj

@@ -25,9 +25,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Core.ScriptedAlarms.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Core/ZB.MOM.WW.OtOpcUa.Core.Scripting/ZB.MOM.WW.OtOpcUa.Core.Scripting.csproj

@@ -29,9 +29,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Core.Scripting.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Core/ZB.MOM.WW.OtOpcUa.Core.VirtualTags/ZB.MOM.WW.OtOpcUa.Core.VirtualTags.csproj

@@ -25,9 +25,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Core.VirtualTags.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Core/ZB.MOM.WW.OtOpcUa.Core/ZB.MOM.WW.OtOpcUa.Core.csproj

@@ -25,9 +25,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Core.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>