docs: add missing XML doc comments across gateway, worker, and .NET client

Resolves 1113 documentation-completeness gaps flagged by CommentChecker
(MissingReturns, MissingInheritDoc, InheritDocMisused, MissingDoc,
MissingParam, RedundantInheritDoc) so the API surface is fully documented
and the analyzer scan is clean. Doc comments only; no code changes.

src/ZB.MOM.WW.MxGateway.Server/Security/Tls/SelfSignedCertificateProvider.cs

@@ -20,6 +20,10 @@ public sealed class SelfSignedCertificateProvider
     private readonly ILogger<SelfSignedCertificateProvider> _logger;
     private readonly TimeProvider _timeProvider;
 
+    /// <summary>Initializes a new instance of the <see cref="SelfSignedCertificateProvider"/> class.</summary>
+    /// <param name="options">TLS configuration options controlling certificate subject, validity, and storage.</param>
+    /// <param name="logger">Logger for certificate lifecycle events.</param>
+    /// <param name="timeProvider">Time provider used to compute certificate validity windows.</param>
     public SelfSignedCertificateProvider(
         TlsOptions options,
         ILogger<SelfSignedCertificateProvider> logger,
@@ -31,6 +35,7 @@ public sealed class SelfSignedCertificateProvider
     }
 
     /// <summary>Creates a fresh in-memory ECDSA P-256 self-signed certificate.</summary>
+    /// <returns>A new self-signed <see cref="X509Certificate2"/> with the configured SANs and validity period.</returns>
     public X509Certificate2 GenerateCertificate()
     {
         using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
@@ -89,6 +94,7 @@ public sealed class SelfSignedCertificateProvider
 
     /// <summary>Loads the persisted certificate, regenerating when missing,
     /// expired (and allowed), or unreadable.</summary>
+    /// <returns>The loaded or newly generated <see cref="X509Certificate2"/>.</returns>
     public X509Certificate2 LoadOrCreate()
     {
         string path = _options.SelfSignedCertPath;