fix(dashboard): make dashboard auth cookie name configurable

The dashboard auth cookie name was hardcoded to the constant
DashboardAuthenticationDefaults.CookieName (MxGatewayDashboard). Browser
cookies are scoped by host+path but NOT by port, so two gateway instances
sharing a hostname would clobber each other's dashboard session under the
shared name.

Add DashboardOptions.CookieName (MxGateway:Dashboard:CookieName); null/blank
keeps the canonical default. Applied in the existing dashboard cookie
PostConfigure (runs after the inline AddCookie default, so it wins). Behaviour
is unchanged when unset. Adds a Tests case for the override.

src/ZB.MOM.WW.MxGateway.Server/Dashboard/DashboardServiceCollectionExtensions.cs

@@ -66,6 +66,8 @@ public static class DashboardServiceCollectionExtensions
                 ZbCookieDefaults.Apply(cookieOptions, requireHttps: true, idleTimeout: TimeSpan.FromHours(8));
                 // Cookie name, path, and redirect paths are MxGateway-specific — set after Apply
                 // so they are never overwritten by the shared helper (Apply intentionally skips name).
+                // This is the canonical default; it is overridden per-environment from
+                // DashboardOptions.CookieName by the PostConfigure below.
                 cookieOptions.Cookie.Name = DashboardAuthenticationDefaults.CookieName;
                 cookieOptions.Cookie.Path = "/";
                 cookieOptions.LoginPath = "/login";
@@ -77,13 +79,22 @@ public static class DashboardServiceCollectionExtensions
                 _ => { });
 
         // Honour DashboardOptions.RequireHttpsCookie (default true / Always; set false for dev
-        // HTTP deployments → SameAsRequest). This overrides the Apply default above.
+        // HTTP deployments → SameAsRequest) and the optional per-environment cookie-name
+        // override. Both run after the inline AddCookie config above, so they win.
         services.AddOptions<CookieAuthenticationOptions>(DashboardAuthenticationDefaults.AuthenticationScheme)
             .Configure<IOptions<GatewayOptions>>((cookieOptions, gatewayOptions) =>
             {
                 cookieOptions.Cookie.SecurePolicy = gatewayOptions.Value.Dashboard.RequireHttpsCookie
                     ? CookieSecurePolicy.Always
                     : CookieSecurePolicy.SameAsRequest;
+
+                // Config-driven cookie name (MxGateway:Dashboard:CookieName). Null/blank keeps
+                // the canonical default set above, so a misconfiguration cannot unname the cookie.
+                var cookieName = gatewayOptions.Value.Dashboard.CookieName;
+                if (!string.IsNullOrWhiteSpace(cookieName))
+                {
+                    cookieOptions.Cookie.Name = cookieName;
+                }
             });
 
         services.AddAuthorization(authorization =>