fix(driver-historian-wonderware-client): resolve Medium code-review finding (Driver.Historian.Wonderware.Client-007)

Introduce DeserializeSampleValue() helper that enforces a 64 KiB per-sample
ValueBytes size cap before calling MessagePackSerializer.Deserialize<object>,
and documents that the default StandardResolver (primitive-only, no typeless
or dynamic-type resolution) is in use. Both ToSnapshots and AlignAtTimeSnapshots
route through the new helper. Add inline XML comments to the two NuGetAuditSuppress
entries in the csproj recording the advisory title, why each does not apply to
this module's primitive-only deserialization, and when to revisit.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

code-reviews/Driver.Historian.Wonderware.Client/findings.md

@@ -191,7 +191,7 @@ retry/backoff is owned by the caller (the alarm drain worker / history router).
 | Severity | Medium |
 | Category | Security |
 | Location | `WonderwareHistorianClient.cs:276` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `ToSnapshots` deserializes peer-supplied bytes with
 `MessagePackSerializer.Deserialize<object>(dto.ValueBytes)`, typeless MessagePack
@@ -209,7 +209,7 @@ that. Prefer round-tripping the value as a constrained set of known primitive ty
 than `object`, and validate `ValueBytes.Length` against a sane per-sample cap before
 deserializing.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — added `DeserializeSampleValue()` helper that enforces a 64 KiB per-sample `ValueBytes` cap before deserialization and documents that the default `StandardResolver` (primitive-only, no `TypelessContractlessStandardResolver`) is in use; both `ToSnapshots` and `AlignAtTimeSnapshots` now route through the helper; added inline XML comments to the two `NuGetAuditSuppress` entries in the csproj stating the advisory title, why it does not apply to this usage, and the revisit trigger.
 
 ### Driver.Historian.Wonderware.Client-008