fix(glauth): rename OPC/Gw testers to avoid username/group case-collision

glauth exposes each group as cn=<Group> under ou=users, so a case-insensitive
(cn=x) search matched both the user and the group (2 entries -> the shared
ZB.MOM.WW.Auth.Ldap 'exactly one entry' rule failed the bind). Renamed the 4
colliding testers (readonly/writetune/alarmack/gwreader) + the 2 siblings for
consistency: opc-readonly/opc-writeop/opc-writetune/opc-writeconfig/opc-alarmack
and gw-viewer. Verified gw-viewer logs into the MxGateway dashboard as Viewer.
multi-role/admin/designer/etc. were never affected (no case-collision).

infra/glauth/README.md

@@ -26,9 +26,14 @@ each app maps only its own family and ignores the rest.
   uses for search-then-bind. Has a `search *` capability.
 - **`multi-role`** — member of **every** group → all roles in all three apps (canonical cross-app login).
 - **`admin`** — `SCADA-Admins` + `GwAdmin` + `OtOpcUa-Admins` → Administrator everywhere.
-- Per-role testers: `designer` / `deployer` / `site-deployer` (ScadaBridge); `gwreader`
-  (MxGateway Viewer); `otdesigner` / `otviewer` (OtOpcUa); `readonly` / `writeop` / `writetune`
-  / `writeconfig` / `alarmack` (OPC perms).
+- Per-role testers: `designer` / `deployer` / `site-deployer` (ScadaBridge); `gw-viewer`
+  (MxGateway Viewer); `otdesigner` / `otviewer` (OtOpcUa); `opc-readonly` / `opc-writeop` /
+  `opc-writetune` / `opc-writeconfig` / `opc-alarmack` (OPC perms).
+
+> **Naming rule:** a tester username must **not** case-collide with a group name. GLAuth exposes
+> each group as `cn=<Group>` under `ou=users`, so a case-insensitive `(cn=x)` search would match
+> both the user and the group (two entries → the shared lib's "exactly one entry" rule fails the
+> bind). That's why the OPC/Gw testers are `opc-*` / `gw-viewer`, not `readonly` / `gwreader`.
 
 ## Deploy on `10.100.0.35`