feat: implement full MQTT Go parity across 5 phases — binary protocol, auth/TLS, cross-protocol bridging, monitoring, and JetStream persistence

Phase 1: Binary MQTT 3.1.1 wire protocol with PipeReader-based parsing,
full packet type dispatch, and MQTT 3.1.1 compliance checks.

Phase 2: Auth pipeline routing MQTT CONNECT through AuthService,
TLS transport with SslStream wrapping, pinned cert validation.

Phase 3: IMessageRouter refactor (NatsClient → INatsClient),
MqttNatsClientAdapter for cross-protocol bridging, MqttTopicMapper
with full Go-parity topic/subject translation.

Phase 4: /connz mqtt_client field population, /varz actual MQTT port.

Phase 5: JetStream persistence — MqttStreamInitializer creates 5
internal streams, MqttConsumerManager for QoS 1/2 consumers,
subject-keyed session/retained lookups replacing linear scans.

All 503 MQTT tests and 1589 Core tests pass.

tests/NATS.Server.Mqtt.Tests/Mqtt/MqttAuthParityTests.cs

@@ -24,6 +24,7 @@ public class MqttAuthParityTests
             "127.0.0.1", 0,
             requiredUsername: "mqtt",
             requiredPassword: "client");
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -43,6 +44,7 @@ public class MqttAuthParityTests
             "127.0.0.1", 0,
             requiredUsername: "mqtt",
             requiredPassword: "client");
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -64,6 +66,7 @@ public class MqttAuthParityTests
             "127.0.0.1", 0,
             requiredUsername: "mqtt",
             requiredPassword: "secret");
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -82,6 +85,7 @@ public class MqttAuthParityTests
     public async Task No_auth_configured_connects_without_credentials()
     {
         await using var listener = new MqttListener("127.0.0.1", 0);
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -97,6 +101,7 @@ public class MqttAuthParityTests
     public async Task No_auth_configured_accepts_any_credentials()
     {
         await using var listener = new MqttListener("127.0.0.1", 0);
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -164,6 +169,7 @@ public class MqttAuthParityTests
             "127.0.0.1", 0,
             requiredUsername: "admin",
             requiredPassword: "password");
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -193,6 +199,7 @@ public class MqttAuthParityTests
     public async Task Keepalive_timeout_disconnects_idle_client()
     {
         await using var listener = new MqttListener("127.0.0.1", 0);
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -279,6 +286,7 @@ public class MqttAuthParityTests
     public async Task Non_connect_as_first_packet_is_handled()
     {
         await using var listener = new MqttListener("127.0.0.1", 0);
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);
 
@@ -300,6 +308,7 @@ public class MqttAuthParityTests
     public async Task Second_connect_from_same_tcp_connection_is_handled()
     {
         await using var listener = new MqttListener("127.0.0.1", 0);
+        listener.UseBinaryProtocol = false;
         using var cts = new CancellationTokenSource();
         await listener.StartAsync(cts.Token);