docs+ui: backfill XML doc comments and finish dashboard layout pass

Adds missing <summary>/<param> XML docs across 99 server, worker, and test
files so CommentChecker reports zero issues (TreatWarningsAsErrors needs the
analyzer clean). Bundles in WIP dashboard work: NavSection extraction,
MainLayout/site.css/js styling alignment, and DashboardOptions/Auth tweaks.

src/ZB.MOM.WW.MxGateway.Server/Configuration/DashboardOptions.cs

@@ -8,6 +8,19 @@ public sealed class DashboardOptions
     /// <summary>Gets whether anonymous localhost access to dashboard is allowed.</summary>
     public bool AllowAnonymousLocalhost { get; init; } = true;
 
+    /// <summary>
+    /// When true (default), the dashboard auth cookie is restricted to HTTPS
+    /// requests via <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.Always"/>.
+    /// Set to false for plain-HTTP dev deployments — the cookie then uses
+    /// <see cref="Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest"/>,
+    /// which still marks it Secure on any HTTPS request but allows it to
+    /// round-trip over HTTP. Browsers silently drop Secure cookies set over
+    /// plain HTTP from non-localhost hosts, so leaving this true breaks
+    /// dashboard login from a remote browser unless the dashboard is served
+    /// over HTTPS.
+    /// </summary>
+    public bool RequireHttpsCookie { get; init; } = true;
+
     /// <summary>Gets the dashboard snapshot update interval in milliseconds.</summary>
     public int SnapshotIntervalMilliseconds { get; init; } = 1_000;
 

src/ZB.MOM.WW.MxGateway.Server/Configuration/GatewayOptions.cs

@@ -9,6 +9,7 @@ public sealed class GatewayOptions
     /// </summary>
     public AuthenticationOptions Authentication { get; init; } = new();
 
+    /// <summary>Gets LDAP configuration options.</summary>
     public LdapOptions Ldap { get; init; } = new();
 
     /// <summary>

src/ZB.MOM.WW.MxGateway.Server/Configuration/LdapOptions.cs

@@ -2,25 +2,36 @@ namespace ZB.MOM.WW.MxGateway.Server.Configuration;
 
 public sealed class LdapOptions
 {
+    /// <summary>Gets a value indicating whether LDAP authentication is enabled.</summary>
     public bool Enabled { get; init; } = true;
 
+    /// <summary>Gets the LDAP server address.</summary>
     public string Server { get; init; } = "localhost";
 
+    /// <summary>Gets the LDAP server port.</summary>
     public int Port { get; init; } = 3893;
 
+    /// <summary>Gets a value indicating whether TLS is required for the connection.</summary>
     public bool UseTls { get; init; }
 
+    /// <summary>Gets a value indicating whether insecure LDAP connections are allowed.</summary>
     public bool AllowInsecureLdap { get; init; } = true;
 
+    /// <summary>Gets the LDAP search base distinguished name.</summary>
     public string SearchBase { get; init; } = "dc=lmxopcua,dc=local";
 
+    /// <summary>Gets the service account distinguished name.</summary>
     public string ServiceAccountDn { get; init; } = "cn=serviceaccount,dc=lmxopcua,dc=local";
 
+    /// <summary>Gets the service account password.</summary>
     public string ServiceAccountPassword { get; init; } = "serviceaccount123";
 
+    /// <summary>Gets the LDAP attribute name for user names.</summary>
     public string UserNameAttribute { get; init; } = "cn";
 
+    /// <summary>Gets the LDAP attribute name for display names.</summary>
     public string DisplayNameAttribute { get; init; } = "cn";
 
+    /// <summary>Gets the LDAP attribute name for group membership.</summary>
     public string GroupAttribute { get; init; } = "memberOf";
 }

src/ZB.MOM.WW.MxGateway.Server/Configuration/ProtocolOptions.cs

@@ -12,5 +12,6 @@ public sealed class ProtocolOptions
     /// </summary>
     public uint WorkerProtocolVersion { get; init; } = GatewayContractInfo.WorkerProtocolVersion;
 
+    /// <summary>Gets or sets the maximum gRPC message size in bytes.</summary>
     public int MaxGrpcMessageBytes { get; init; } = 16 * 1024 * 1024;
 }

src/ZB.MOM.WW.MxGateway.Server/Configuration/SessionOptions.cs

@@ -17,8 +17,10 @@ public sealed class SessionOptions
     /// </summary>
     public int MaxPendingCommandsPerSession { get; init; } = 128;
 
+    /// <summary>Gets the default session lease duration in seconds.</summary>
     public int DefaultLeaseSeconds { get; init; } = 1800;
 
+    /// <summary>Gets the interval for sweeping expired session leases in seconds.</summary>
     public int LeaseSweepIntervalSeconds { get; init; } = 30;
 
     /// <summary>