fix(opcua): equipment-tag planner diff + folder-scoped NodeIds (review findings)

Two bundle-review fixes + idempotency coverage:
- CRITICAL: the planner ignored EquipmentTags, so an incremental deploy changing only
  equipment tags produced an empty plan and HandleRebuild short-circuited before
  materialising them. Add TagId to EquipmentTagPlan + Added/Removed/ChangedEquipmentTags
  to Phase7Plan (diffed by TagId, in IsEmpty, driving Apply's needsRebuild) — mirroring
  the GalaxyTags treatment.
- IMPORTANT: equipment variable NodeId was the raw driver FullName, which collides across
  identical machines (e.g. two PLCs both exposing register 40001) — the second variable
  was silently dropped. NodeId is now folder-scoped (parent/Name); FullName stays on
  EquipmentTagPlan for the later values-routing milestone.
- Task 4: SDK-backed idempotency test (double-apply -> single variable); restart-safety
  confirmed (RestoreApplied reuses the same RebuildAddressSpace -> HandleRebuild path).
- Minor: align composer equipment-tag sort with the artifact decoder (coalesce FolderPath).

src/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer/Phase7Applier.cs

@@ -70,18 +70,19 @@ public sealed class Phase7Applier
 
         var changedCount =
             plan.ChangedEquipment.Count + plan.ChangedDrivers.Count + plan.ChangedAlarms.Count +
-            plan.ChangedGalaxyTags.Count;
+            plan.ChangedGalaxyTags.Count + plan.ChangedEquipmentTags.Count;
         var addedCount =
             plan.AddedEquipment.Count + plan.AddedDrivers.Count + plan.AddedAlarms.Count +
-            plan.AddedGalaxyTags.Count;
+            plan.AddedGalaxyTags.Count + plan.AddedEquipmentTags.Count;
 
-        // Any add/remove of Equipment, ScriptedAlarm, or Galaxy tag topology requires a real
-        // address-space rebuild. Driver-instance changes don't touch the address-space topology
-        // directly — they go through DriverHostActor's spawn-plan in Runtime.
+        // Any add/remove of Equipment, ScriptedAlarm, Galaxy tag, or Equipment tag topology requires
+        // a real address-space rebuild. Driver-instance changes don't touch the address-space
+        // topology directly — they go through DriverHostActor's spawn-plan in Runtime.
         var needsRebuild =
             plan.AddedEquipment.Count > 0 || plan.RemovedEquipment.Count > 0 ||
             plan.AddedAlarms.Count > 0 || plan.RemovedAlarms.Count > 0 ||
-            plan.AddedGalaxyTags.Count > 0 || plan.RemovedGalaxyTags.Count > 0;
+            plan.AddedGalaxyTags.Count > 0 || plan.RemovedGalaxyTags.Count > 0 ||
+            plan.AddedEquipmentTags.Count > 0 || plan.RemovedEquipmentTags.Count > 0;
 
         if (needsRebuild)
         {
@@ -211,15 +212,19 @@ public sealed class Phase7Applier
             SafeEnsureFolder(folderNodeId, parentNodeId: tag.EquipmentId, displayName: tag.FolderPath);
         }
 
-        // Variables: NodeId = FullName (the driver-side reference → read/write routing key). Parent
-        // is the FolderPath sub-folder when set, else the equipment folder directly. Like the Galaxy
-        // pass, per-variable idempotency relies on the sink's own EnsureVariable idempotency.
+        // Variables: NodeId is FOLDER-SCOPED ("<parent>/<Name>"), NOT the raw FullName — a driver
+        // ref (e.g. a Modbus register) is not unique across identical machines, so FullName-as-NodeId
+        // would collide in the sink (EnsureVariable keys on NodeId) and drop all but one machine's
+        // signal. The driver-side FullName lives on EquipmentTagPlan for the later values milestone to
+        // route by. Parent is the FolderPath sub-folder when set, else the equipment folder directly.
+        // Like the Galaxy pass, per-variable idempotency relies on the sink's own EnsureVariable.
         foreach (var tag in composition.EquipmentTags)
         {
             var parent = string.IsNullOrWhiteSpace(tag.FolderPath)
                 ? tag.EquipmentId
                 : EquipmentSubFolderNodeId(tag.EquipmentId, tag.FolderPath);
-            SafeEnsureVariable(tag.FullName, parent, tag.Name, tag.DataType);
+            var nodeId = $"{parent}/{tag.Name}";
+            SafeEnsureVariable(nodeId, parent, tag.Name, tag.DataType);
         }
 
         _logger.LogInformation(