fix(inbound-api): resolve InboundAPI-007 — remove unimplemented Database.Connection() script API from design doc (conflicts with script trust model)

docs/requirements/Component-InboundAPI.md

@@ -160,8 +160,15 @@ Inbound API scripts **cannot** call shared scripts directly — shared scripts a
 - `Parameters["key"]` — Raw dictionary access.
 - `Parameters.Get<T>("key")` — Typed access (same API as site runtime scripts). See Site Runtime component for full type support.
 
-#### Database Access
-- `Database.Connection("connectionName")` — Obtain a raw MS SQL client connection for querying the configuration or machine data databases directly from central.
+> **No direct database access.** Inbound API scripts are not given a raw database
+> client. Handing a script a raw `SqlConnection` is in direct tension with the
+> ScadaLink script trust model (scripts are forbidden `System.IO`, `Process`,
+> `Threading`, `Reflection`, and raw network access; `ForbiddenApiChecker`
+> statically enforces this). Scripts interact with the system only through the
+> curated `Route` and `Parameters` surfaces above. If a method needs data from
+> the configuration or machine-data databases, that access belongs behind a
+> dedicated, scoped helper — not a general-purpose connection — and would be
+> added here as an explicit design change.
 
 ### Routing Behavior
 - The `Route.To()` helper resolves the instance's site assignment from the configuration database and routes the request to the correct site cluster via the Communication Layer.