feat: add project setup for monitoring and TLS — csproj, config options, ServerInfo TLS fields

Add FrameworkReference to Microsoft.AspNetCore.App to enable Kestrel
Minimal APIs for the monitoring HTTP server. Remove the now-redundant
Microsoft.Extensions.Logging.Abstractions PackageReference (it is
included transitively via the framework reference).

Add monitoring config properties (MonitorPort, MonitorHost,
MonitorBasePath, MonitorHttpsPort) and TLS config properties (TlsCert,
TlsKey, TlsCaCert, TlsVerify, TlsHandshakeFirst, etc.) to NatsOptions.

Add TlsRequired, TlsVerify, and TlsAvailable fields to ServerInfo so
the server can advertise TLS capability in the INFO protocol message.

src/NATS.Server/NATS.Server.csproj

@@ -1,5 +1,5 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
   </ItemGroup>
 </Project>

src/NATS.Server/NatsOptions.cs

@@ -1,3 +1,5 @@
+using System.Security.Authentication;
+
 namespace NATS.Server;
 
 public sealed class NatsOptions
@@ -5,9 +7,32 @@ public sealed class NatsOptions
     public string Host { get; set; } = "0.0.0.0";
     public int Port { get; set; } = 4222;
     public string? ServerName { get; set; }
-    public int MaxPayload { get; set; } = 1024 * 1024; // 1MB
+    public int MaxPayload { get; set; } = 1024 * 1024;
     public int MaxControlLine { get; set; } = 4096;
     public int MaxConnections { get; set; } = 65536;
     public TimeSpan PingInterval { get; set; } = TimeSpan.FromMinutes(2);
     public int MaxPingsOut { get; set; } = 2;
+
+    // Monitoring (0 = disabled; standard port is 8222)
+    public int MonitorPort { get; set; }
+    public string MonitorHost { get; set; } = "0.0.0.0";
+    public string? MonitorBasePath { get; set; }
+    // 0 = disabled
+    public int MonitorHttpsPort { get; set; }
+
+    // TLS
+    public string? TlsCert { get; set; }
+    public string? TlsKey { get; set; }
+    public string? TlsCaCert { get; set; }
+    public bool TlsVerify { get; set; }
+    public bool TlsMap { get; set; }
+    public TimeSpan TlsTimeout { get; set; } = TimeSpan.FromSeconds(2);
+    public bool TlsHandshakeFirst { get; set; }
+    public TimeSpan TlsHandshakeFirstFallback { get; set; } = TimeSpan.FromMilliseconds(50);
+    public bool AllowNonTls { get; set; }
+    public long TlsRateLimit { get; set; }
+    public HashSet<string>? TlsPinnedCerts { get; set; }
+    public SslProtocols TlsMinVersion { get; set; } = SslProtocols.Tls12;
+
+    public bool HasTls => TlsCert != null && TlsKey != null;
 }

src/NATS.Server/Protocol/NatsProtocol.cs

@@ -61,6 +61,18 @@ public sealed class ServerInfo
     [JsonPropertyName("client_ip")]
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
     public string? ClientIp { get; set; }
+
+    [JsonPropertyName("tls_required")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+    public bool TlsRequired { get; set; }
+
+    [JsonPropertyName("tls_verify")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+    public bool TlsVerify { get; set; }
+
+    [JsonPropertyName("tls_available")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+    public bool TlsAvailable { get; set; }
 }
 
 public sealed class ClientOptions