Add authentication and role-based write access control

Implements configurable user authentication (anonymous + username/password)
with pluggable credential provider (IUserAuthenticationProvider). Anonymous
writes can be disabled via AnonymousCanWrite setting while reads remain
open. Adds -U/-P flags to all CLI commands for authenticated sessions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/ZB.MOM.WW.LmxOpcUa.Host/appsettings.json

@@ -31,6 +31,11 @@
     "Port": 8081,
     "RefreshIntervalSeconds": 10
   },
+  "Authentication": {
+    "AllowAnonymous": true,
+    "AnonymousCanWrite": true,
+    "Users": []
+  },
   "Historian": {
     "Enabled": false,
     "ConnectionString": "Server=localhost;Database=Runtime;Integrated Security=true;",