fix(configuration): resolve Low code-review findings (Configuration-004,005,007,010,011)

- Configuration-004: NodePermissions stored as int to match the EF
  HasConversion<int>() in OtOpcUaConfigDbContext.ConfigureNodeAcl.
- Configuration-005: serialise LiteDbConfigCache.PutAsync so concurrent
  Put for the same (ClusterId, GenerationId) cannot duplicate rows.
- Configuration-007: rethrow OperationCanceledException from
  GenerationApplier.ApplyPass when the caller's token is cancelled.
- Configuration-010: scrub secrets and drop the full exception object
  from the ResilientConfigReader fallback warning log.
- Configuration-011: pin the previously-uncovered GenerationApplier
  cancellation and path-length / publish-validation paths.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/Core/ZB.MOM.WW.OtOpcUa.Configuration/LocalCache/LiteDbConfigCache.cs

@@ -13,6 +13,12 @@ public sealed class LiteDbConfigCache : ILocalConfigCache, IDisposable
     private const string CollectionName = "generations";
     private readonly LiteDatabase _db;
     private readonly ILiteCollection<GenerationSnapshot> _col;
+    // PutAsync is a find-then-insert/update; without serialization, two concurrent puts for the
+    // same (ClusterId, GenerationId) can both observe `existing is null` and both Insert,
+    // producing duplicate rows (Configuration-005). Serialize writes through this semaphore so
+    // the read-modify-write block is atomic for a given instance. LiteDB itself only locks the
+    // page-level write, not the find-then-insert window.
+    private readonly SemaphoreSlim _writeGate = new(initialCount: 1, maxCount: 1);
 
     public LiteDbConfigCache(string dbPath)
     {
@@ -47,23 +53,32 @@ public sealed class LiteDbConfigCache : ILocalConfigCache, IDisposable
         return Task.FromResult<GenerationSnapshot?>(snapshot);
     }
 
-    public Task PutAsync(GenerationSnapshot snapshot, CancellationToken ct = default)
+    public async Task PutAsync(GenerationSnapshot snapshot, CancellationToken ct = default)
     {
         ct.ThrowIfCancellationRequested();
-        // upsert by (ClusterId, GenerationId) — replace in place if already cached
-        var existing = _col
-            .Find(s => s.ClusterId == snapshot.ClusterId && s.GenerationId == snapshot.GenerationId)
-            .FirstOrDefault();
-
-        if (existing is null)
-            _col.Insert(snapshot);
-        else
+        // Serialize the find-then-insert/update so concurrent callers do not observe a stale
+        // `existing is null` and both Insert (Configuration-005). LiteDB's per-call lock is
+        // not enough — the read and the write are independent calls.
+        await _writeGate.WaitAsync(ct).ConfigureAwait(false);
+        try
         {
-            snapshot.Id = existing.Id;
-            _col.Update(snapshot);
-        }
+            // upsert by (ClusterId, GenerationId) — replace in place if already cached
+            var existing = _col
+                .Find(s => s.ClusterId == snapshot.ClusterId && s.GenerationId == snapshot.GenerationId)
+                .FirstOrDefault();
 
-        return Task.CompletedTask;
+            if (existing is null)
+                _col.Insert(snapshot);
+            else
+            {
+                snapshot.Id = existing.Id;
+                _col.Update(snapshot);
+            }
+        }
+        finally
+        {
+            _writeGate.Release();
+        }
     }
 
     public Task PruneOldGenerationsAsync(string clusterId, int keepLatest = 10, CancellationToken ct = default)
@@ -82,7 +97,11 @@ public sealed class LiteDbConfigCache : ILocalConfigCache, IDisposable
         return Task.CompletedTask;
     }
 
-    public void Dispose() => _db.Dispose();
+    public void Dispose()
+    {
+        _writeGate.Dispose();
+        _db.Dispose();
+    }
 }
 
 public sealed class LocalConfigCacheCorruptException(string message, Exception inner)