Add LDAP Distinguished Name Helper and Credential Audit Context

- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Ics.Cisa/TASKS.md

@@ -1,4 +0,0 @@
-# TASKS
-| Task | Owner(s) | Depends on | Notes |
-|---|---|---|---|
-|FEEDCONN-ICSCISA-02-012 Version range provenance|BE-Conn-ICS-CISA|CONCELIER-LNM-21-001|**DONE (2025-11-03)** – Promote existing firmware/semver data into `advisory_observations.affected.versions[]` entries with deterministic comparison keys and provenance identifiers (`ics-cisa:{advisoryId}:{product}`). Add regression coverage for mixed firmware strings and raise a Models ticket only when observation schema needs a new comparison helper.<br>2025-10-29: Follow `docs/dev/normalized-rule-recipes.md` §2 to build observation version entries and log failures without invoking the retired merge helpers.<br>2025-11-03: Completed – connector now emits semver-aware range rules with provenance, RSS fallback payloads pass the guard, and Fetch/Parse/Map end-to-end coverage succeeds.|