Adds ValidateRemoteLeafNode to LeafNodeManager with self-connect,
duplicate-connection, and JetStream domain conflict checks, plus
IsSelfConnect, HasConnection, and GetConnectionByRemoteId helpers.
Introduces LeafValidationResult and LeafValidationError types.
Adds 10 unit tests in LeafValidationTests covering all error codes.
Add UpdateTlsConfig to LeafNodeManager with CurrentCertPath, CurrentKeyPath,
IsTlsEnabled, and TlsReloadCount. Add LeafTlsReloadResult record. Add 10 unit
tests in LeafTlsReloadTests covering change detection, no-op idempotency, path
tracking, counter semantics, and result payload.
D6: Add ExportSubjects/ImportSubjects allow-lists to LeafHubSpokeMapper alongside
existing DenyExports/DenyImports deny-lists. When an allow-list is non-empty, subjects
must match at least one allow pattern; deny always takes precedence. Updated
LeafNodeOptions, LeafHubSpokeMapper (5-arg constructor), and LeafNodeManager to wire
through the new allow-lists. Added 13 new unit + integration tests covering allow-list
semantics, deny precedence, bidirectional filtering, and wire-level propagation.
D7: Existing NetworkingGoParityTests.cs (50 tests) covers gateway interest mode,
route pool accounting, and leaf node connections. Parity DB already up to date.
E6: Add IsSystemAccount property to Account, mark $SYS account as system,
add IsSystemSubject/IsSubscriptionAllowed/GetSubListForSubject helpers to
route $SYS.> subjects to the system account's SubList and block non-system
accounts from subscribing.
E7: Add ConfigReloader.ReloadAsync and ApplyDiff for structured async reload,
add ConfigReloadResult/ConfigApplyResult types. SIGHUP handler already wired
via PosixSignalRegistration in HandleSignals.
E8: Add PropagateAuthChanges to re-evaluate connected clients after auth
config reload, disconnecting clients whose credentials no longer pass
authentication with -ERR 'Authorization Violation'.
