fix(configuration-database): resolve ConfigurationDatabase-002..007 — remove hardcoded sa creds, fail-fast no-arg DI, encrypt secret columns, resilient audit serialization

tests/ScadaLink.ConfigurationDatabase.Tests/UnitTest1.cs

@@ -372,15 +372,24 @@ public class ServiceRegistrationTests
     }
 
     [Fact]
-    public void AddConfigurationDatabase_NoArgs_DoesNotThrow()
+    public void AddConfigurationDatabase_NoArgs_FailsFast()
     {
+        // ConfigurationDatabase-003: the no-arg overload previously silently registered
+        // nothing, which deferred a misconfiguration into an opaque DI failure later.
+        // It is now [Obsolete(error: true)] (compile-time guard) and throws at runtime.
+        // Invoked via reflection because the obsolete-error overload cannot be called
+        // directly from source.
+        var method = typeof(ServiceCollectionExtensions).GetMethod(
+            nameof(ServiceCollectionExtensions.AddConfigurationDatabase),
+            System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.Static,
+            binder: null,
+            types: new[] { typeof(IServiceCollection) },
+            modifiers: null)!;
         var services = new ServiceCollection();
-        services.AddConfigurationDatabase();
 
-        // Should not register DbContext (no-op for backward compatibility)
-        var provider = services.BuildServiceProvider();
-        var context = provider.GetService<ScadaLinkDbContext>();
-        Assert.Null(context);
+        var invocation = Assert.Throws<System.Reflection.TargetInvocationException>(
+            () => method.Invoke(null, new object[] { services }));
+        Assert.IsType<InvalidOperationException>(invocation.InnerException);
     }
 }