Add configurable non-transparent OPC UA server redundancy

Separates ApplicationUri from namespace identity so each instance in a
redundant pair has a unique server URI while sharing the same Galaxy
namespace. Exposes RedundancySupport, ServerUriArray, and dynamic
ServiceLevel through the standard OPC UA server object. ServiceLevel
is computed from role (Primary/Secondary) and runtime health (MXAccess
and DB connectivity). Adds CLI redundancy command, second deployed
service instance, and 31 new tests including paired-server integration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/CliTool.md

@@ -222,3 +222,29 @@ The command builds an `EventFilter` with select clauses for 12 fields from the O
 When an `EventFieldList` notification arrives, the handler extracts these fields by index and prints a structured alarm event to the console showing the source name, condition name, active/acknowledged state, severity, message, retain flag, and suppressed/shelved status.
 
 The `--refresh` flag calls `subscription.ConditionRefreshAsync()` after the subscription is created, which asks the server to re-emit retained condition events so the operator sees the current alarm state immediately rather than waiting for the next transition.
+
+### redundancy
+
+Reads the OPC UA redundancy state from a server: `RedundancySupport`, `ServiceLevel`, `ServerUriArray`, and `ApplicationUri`.
+
+```bash
+dotnet run -- redundancy -u opc.tcp://localhost:4840/LmxOpcUa
+```
+
+Example output:
+
+```text
+Redundancy Mode:  Warm
+Service Level:    200
+Server URIs:
+  - urn:localhost:LmxOpcUa:instance1
+  - urn:localhost:LmxOpcUa:instance2
+Application URI:  urn:localhost:LmxOpcUa:instance1
+```
+
+| Flag | Description |
+|------|-------------|
+| `-u` | OPC UA server endpoint URL (required) |
+| `-S` | Transport security mode (default: none) |
+| `-U` | Username for authentication |
+| `-P` | Password for authentication |