refactor(inboundapi): fail-fast on missing inbound ExecutionId stash

src/ScadaLink.InboundAPI/Middleware/AuditWriteMiddleware.cs

@@ -249,8 +249,11 @@ public sealed class AuditWriteMiddleware
     /// Audit Log #23 (ParentExecutionId): reads the inbound request's per-request
     /// <c>ExecutionId</c> that <see cref="InvokeAsync"/> minted and stashed on
     /// <see cref="HttpContext.Items"/> under <see cref="InboundExecutionIdItemKey"/>.
-    /// Falls back to a fresh id only if the slot is somehow absent — the inbound
-    /// audit row must always carry an execution id.
+    /// Throws <see cref="InvalidOperationException"/> if the slot is absent — for a
+    /// correlation feature a silently-divergent id is the worst failure mode, so we
+    /// fail fast rather than mint a fresh one. <see cref="EmitInboundAudit"/>'s
+    /// try/catch degrades the throw to a dropped best-effort audit row, never a
+    /// failed request.
     /// </summary>
     private static Guid ResolveInboundExecutionId(HttpContext ctx)
     {
@@ -260,7 +263,9 @@ public sealed class AuditWriteMiddleware
             return id;
         }
 
-        return Guid.NewGuid();
+        throw new InvalidOperationException(
+            "Inbound ExecutionId invariant violated: the inbound ExecutionId must be "
+            + "stashed by AuditWriteMiddleware.InvokeAsync before the audit row is emitted.");
     }
 
     /// <summary>