fix(driver-focas): resolve Medium code-review finding (Driver.FOCAS-005)

Guard all _health field accesses with Volatile.Read / Volatile.Write.
ReadAsync, WriteAsync, and ProbeLoopAsync run on different threads and
several updates are read-modify-write (new DriverHealth(_, _health.X, _)).
Without volatile semantics a concurrent update can be lost or a stale
LastSuccessfulRead timestamp propagated.  DriverHealth is an immutable
record so Volatile is sufficient — no lock needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

code-reviews/Driver.FOCAS/findings.md

@@ -7,7 +7,7 @@
 | Review date | 2026-05-22 |
 | Commit reviewed | `76d35d1` |
 | Status | Reviewed |
-| Open findings | 8 |
+| Open findings | 7 |
 
 ## Checklist coverage
 
@@ -146,7 +146,7 @@ all FOCAS tags as `ViewOnly` is the simplest correct behaviour.
 | Severity | Medium |
 | Category | Concurrency & thread safety |
 | Location | `FocasDriver.cs:28`, `FocasDriver.cs:206-215`, `FocasDriver.cs:261`, `FocasDriver.cs:274` |
-| Status | Open |
+| Status | Resolved |
 
 **Description:** `_health` is a plain (non-volatile) field mutated from multiple
 concurrent contexts - `ReadAsync`, `WriteAsync`, and the per-device `ProbeLoopAsync` can
@@ -163,7 +163,7 @@ torn-in-time state and successful-read timestamps can regress.
 value from a single captured snapshot. The `DeviceState`/`HostState` transition already
 uses `ProbeLock`; apply the same discipline to driver health.
 
-**Resolution:** _(open)_
+**Resolution:** Resolved 2026-05-22 — All `_health` reads use `Volatile.Read(ref _health)` and all writes use `Volatile.Write(ref _health, ...)`, ensuring every thread observes the latest reference and multi-step read-modify-write sequences capture a stable snapshot before computing the new value.
 
 ### Driver.FOCAS-006