[F28] mxaccess-asb: canonical XML signing for all 8 remaining ops

Closes F28. The 5 [XmlSerializerFormat] ops landed in commit f14580e
(2026-05-05); this commit closes out the remaining 8 ConnectedRequest
shapes, eliminating the legacy NBFX-bytes signing fallback from every
`client::*` op.

Two deliverables:

1. Extended `MxAsbClient.Probe --dump-signed-xml` (.NET probe) to
   emit deterministic canonical-XML output for ReadRequest,
   WriteBasicRequest, PublishWriteCompleteRequest,
   CreateSubscriptionRequest, DeleteSubscriptionRequest,
   AddMonitoredItemsRequest, DeleteMonitoredItemsRequest,
   PublishRequest. Saved 8 fixtures at
   rust/crates/mxaccess-asb/tests/fixtures/signed-xml/*.xml. Pinned
   field values for reproducibility:
     - SubscriptionId = 0x1234_5678_9abc_def0
     - MaxQueueSize = 100, SampleInterval = 1000
     - WriteHandle = 0xDEAD_BEEF
     - WriteValue = Variant.FromInt32(42)
     - MonitoredItem with the existing sample-item shape

2. Ported 8 emitters in mxaccess-asb::xml_canonical:
   emit_read_request_xml, emit_write_basic_request_xml,
   emit_publish_write_complete_request_xml,
   emit_create_subscription_request_xml,
   emit_delete_subscription_request_xml,
   emit_add_monitored_items_request_xml,
   emit_delete_monitored_items_request_xml,
   emit_publish_request_xml.

   New helpers consolidate XmlSerializer's per-namespace shapes:
     - emit_invensys_text — primitive int/long fields in the parent
       urn:invensys.schemas namespace (no xmlns redeclaration).
     - emit_write_value — <Values> wrapper inlining
       Value (Variant), Status (default AsbStatus), Comment (xsi:nil).
     - emit_monitored_item — <Items> wrapper inlining
       Item, SampleInterval, ValueDeadband, UserData, Buffered.
     - emit_inline_item_identity — ItemIdentity rendered as a child
       of MonitoredItem (single xmlns redeclaration on the wrapper,
       children inherit).
     - emit_inline_text + emit_inline_optional_string —
       no-redeclaration variants of emit_iom_text +
       emit_iom_optional_string.
     - emit_idata_variant — Variant's Type/Length/Payload children
       in the http://asb.contracts.idata.data/20111111 namespace
       (Payload self-closes with xsi:nil when Length=0).
     - emit_iom_default_variant — wrapper for ValueDeadband / UserData
       (default-shape Variant in iom:2 namespace).

   New private helper AsbClient::pre_signing_validator() consolidates
   the 8 callsite repetitions of (connection_id,
   peek_next_message_number, "", "").

Wired into client::* — every send_signed_envelope[_one_way] call now
passes Some(&xml) for xml_for_signing. The 8 ops affected: read,
write, publish_write_complete, delete_monitored_items,
create_subscription, add_monitored_items, publish,
delete_subscription (plus their _once retry-loop variants).

8 new fixture-comparison tests (mxaccess-asb 87 → 95). Each emitter
byte-equal vs the .NET fixture on the first try — no iteration
needed. Workspace clippy clean.

Live verification: `cargo run -p mxaccess --example asb-subscribe`
returns TestChildObject.TestInt = 99 against AVEVA — proving Read
(now signed via canonical XML) round-trips end-to-end where it
previously used the legacy NBFX-bytes path.

The remaining 7 ops are wire-tested at fixture-byte-equality only;
live exercise is gated on the F33 follow-on capture for
subscribe-flow ops, but the canonical XML matches the .NET reference
byte-for-byte, so the HMAC will match by construction once the
session is in a state to issue those ops.

design/followups.md:
  - F28 moved to Resolved with the full two-step audit trail.
  - F18 M5 status block rewritten — all sub-followups (F26 stream,
    F28, F29, F32, F33) now closed. M5 DoD bullets 1+2+3+4 all green.
  - tests/fixtures/signed-xml/README.md updated to list the 8 new
    fixtures + their pinned input values.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/MxAsbClient.Probe/Program.cs

@@ -168,6 +168,96 @@ if (args.Any(arg => arg.Equals("--dump-signed-xml", StringComparison.OrdinalIgno
     };
     Dump("UnregisterItemsRequest", unregisterDump);
 
+    // F28 step 2 (2026-05-06): the 8 remaining ConnectedRequest shapes
+    // that still sign over NBFX wire bytes via the legacy fallback.
+    // Same `validator` instance throughout so consumers diff per-op
+    // body semantics rather than validator-shape variation.
+
+    ItemIdentity sampleItem = new()
+    {
+        Type = (ushort)ItemIdentityType.Name,
+        ReferenceType = (ushort)ItemReferenceType.Absolute,
+        Name = "TestChildObject.TestInt",
+        ContextName = string.Empty,
+    };
+    ItemIdentity sampleItemById = new()
+    {
+        Type = (ushort)ItemIdentityType.Id,
+        ReferenceType = (ushort)ItemReferenceType.Absolute,
+        Id = 0xCAFE_BABE_DEAD_BEEFul,
+        IdSpecified = true,
+    };
+    const long SampleSubscriptionId = 0x1234_5678_9abc_def0L;
+
+    ReadRequest readDump = new()
+    {
+        ConnectionValidator = validator,
+        Items = [sampleItem],
+    };
+    Dump("ReadRequest", readDump);
+
+    WriteBasicRequest writeDump = new()
+    {
+        ConnectionValidator = validator,
+        Items = [sampleItem],
+        Values = [new WriteValue { Value = AsbVariantFactory.FromInt32(42) }],
+        WriteHandle = 0xDEAD_BEEFu,
+    };
+    Dump("WriteBasicRequest", writeDump);
+
+    PublishWriteCompleteRequest pwcDump = new()
+    {
+        ConnectionValidator = validator,
+    };
+    Dump("PublishWriteCompleteRequest", pwcDump);
+
+    CreateSubscriptionRequest createSubDump = new()
+    {
+        ConnectionValidator = validator,
+        MaxQueueSize = 100L,
+        SampleInterval = 1000ul,
+    };
+    Dump("CreateSubscriptionRequest", createSubDump);
+
+    DeleteSubscriptionRequest deleteSubDump = new()
+    {
+        ConnectionValidator = validator,
+        SubscriptionId = SampleSubscriptionId,
+    };
+    Dump("DeleteSubscriptionRequest", deleteSubDump);
+
+    AddMonitoredItemsRequest addMonDump = new()
+    {
+        ConnectionValidator = validator,
+        SubscriptionId = SampleSubscriptionId,
+        Items = [new MonitoredItem
+        {
+            Item = sampleItem,
+            SampleInterval = 1000ul,
+        }],
+        RequireId = true,
+    };
+    Dump("AddMonitoredItemsRequest", addMonDump);
+
+    DeleteMonitoredItemsRequest deleteMonDump = new()
+    {
+        ConnectionValidator = validator,
+        SubscriptionId = SampleSubscriptionId,
+        Items = [new MonitoredItem
+        {
+            Item = sampleItemById,
+            SampleInterval = 1000ul,
+        }],
+    };
+    Dump("DeleteMonitoredItemsRequest", deleteMonDump);
+
+    PublishRequest publishDump = new()
+    {
+        ConnectionValidator = validator,
+        SubscriptionId = SampleSubscriptionId,
+    };
+    Dump("PublishRequest", publishDump);
+
     return;
 }