chore(security): drop dead audit suppressions; patch OpenTelemetry + Tmds.DBus CVEs

All five suppressed advisories are now resolved at baseline/resolved versions,
so every NuGetAuditSuppress is removed repo-wide:
- System.Security.Cryptography.Xml (GHSA-37gx-xxp4-5rgx / GHSA-w3x6-4m5h-cxqf)
  -> fixed by the .NET 10 baseline (10.0.6)
- OPCFoundation Opc.Ua.Core (GHSA-h958-fxgg-g7w3) -> fixed at resolved 1.5.378.106

Two were still live and are now patched via direct security pins:
- OpenTelemetry.Api 1.9.0 -> 1.15.3 (GHSA-g94r-2vxg-569j) pinned in Cluster;
  Runtime/ControlPlane/AdminUI + tests inherit via project reference
- Tmds.DBus.Protocol 0.20.0 -> 0.21.3 (GHSA-xrw6-gwf8-vvr9) pinned in Client.UI

Also correct the Historian sidecar runtime comments (x86 -> x64, matching the
csproj PlatformTarget). Solution audit: 0 vulnerable packages; full build clean.

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Galaxy/ZB.MOM.WW.OtOpcUa.Driver.Galaxy.csproj

@@ -32,9 +32,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Driver.Galaxy.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/Internal/QualityMapper.cs

@@ -4,7 +4,7 @@ namespace ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Internal;
 ///     Maps a raw OPC DA quality byte (as returned by Wonderware Historian's <c>OpcQuality</c>)
 ///     to an OPC UA <c>StatusCode</c> uint. Byte-identical port of the sidecar's
 ///     <c>HistorianQualityMapper.Map</c> — kept in sync via parity tests rather than a
-///     shared assembly because the sidecar is .NET 4.8 x86 and the client is .NET 10 x64.
+///     shared assembly because the sidecar is .NET 4.8 (x64) and the client is .NET 10 (x64).
 /// </summary>
 internal static class QualityMapper
 {

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/Ipc/Contracts.cs

@@ -4,7 +4,7 @@ namespace ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Ipc;
 
 // ============================================================================
 // Wire DTOs for the sidecar pipe protocol — byte-identical mirror of the
-// sidecar's Contracts.cs. The sidecar is .NET 4.8 x86; this client is .NET 10
+// sidecar's Contracts.cs. The sidecar is .NET 4.8 x64; this client is .NET 10
 // x64. Both ends carry their own copy of these MessagePack DTOs and stay in
 // sync via the round-trip tests in PR 3.4 + the byte-equality parity test.
 //

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/Ipc/Framing.cs

@@ -8,9 +8,9 @@ namespace ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Ipc;
 /// </summary>
 /// <remarks>
 ///     Byte-identical mirror of the sidecar's <c>Driver.Historian.Wonderware.Ipc.Framing</c>.
-///     The sidecar is .NET 4.8 x86; this client is .NET 10 x64 — they cannot share an
-///     assembly, so the wire constants are duplicated here. PR 3.4 ships round-trip tests
-///     that pin the byte-level parity.
+///     The sidecar is .NET 4.8 x64; this client is .NET 10 x64 — the differing target
+///     frameworks mean they cannot share an assembly, so the wire constants are duplicated
+///     here. PR 3.4 ships round-trip tests that pin the byte-level parity.
 /// </remarks>
 public static class Framing
 {

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.csproj

@@ -27,19 +27,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.Client.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <!--
-            GHSA-37gx-xxp4-5rgx (MessagePack — unsafe deserialization via dynamic code generation)
-            GHSA-w3x6-4m5h-cxqf (MessagePack — TypelessContractlessStandardResolver gadget chain)
-
-            Neither advisory applies to this module's usage: all deserialization here uses the
-            default StandardResolver (primitive types only). TypelessContractlessStandardResolver
-            is never referenced and no DynamicUnion / DynamicGenericResolver is registered.
-            DeserializeSampleValue() enforces a 64 KiB per-sample ValueBytes cap (finding 007).
-            Revisit once MessagePack 3.x is available and drop these suppressions at that time.
-        -->
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware/ZB.MOM.WW.OtOpcUa.Driver.Historian.Wonderware.csproj

@@ -63,9 +63,4 @@
         </None>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>

src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.Modbus/ZB.MOM.WW.OtOpcUa.Driver.Modbus.csproj

@@ -22,9 +22,4 @@
         <InternalsVisibleTo Include="ZB.MOM.WW.OtOpcUa.Driver.Modbus.Tests"/>
     </ItemGroup>
 
-    <ItemGroup>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-37gx-xxp4-5rgx"/>
-        <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3x6-4m5h-cxqf"/>
-    </ItemGroup>
-
 </Project>