Add LDAP Distinguished Name Helper and Credential Audit Context

- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.

src/Telemetry/StellaOps.Telemetry.Core/TASKS.md

@@ -1,23 +0,0 @@
-# Telemetry Core Task Board — Epic 15: Observability & Forensics
-
-## Sprint 50 – Baseline Instrumentation
-| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
-|----|--------|----------|------------|-------------|---------------|
-| TELEMETRY-OBS-50-001 | TODO | Telemetry Core Guild | — | Create `StellaOps.Telemetry.Core` library with structured logging facade, OpenTelemetry configuration helpers, and deterministic bootstrap (service name/version detection, resource attributes). Publish sample usage for web/worker hosts. | Library builds/tests; NuGet local package published; sample host integration passes smoke tests; compliance checklist recorded. |
-| TELEMETRY-OBS-50-002 | TODO | Telemetry Core Guild | TELEMETRY-OBS-50-001 | Implement context propagation middleware/adapters for HTTP, gRPC, background jobs, and CLI invocations, carrying `trace_id`, `tenant_id`, `actor`, and imposed-rule metadata. Provide test harness covering async resume scenarios. | Middleware packages pass integration tests; context restored across async boundaries; CLI harness emits trace headers; docs drafted under `/docs/observability/telemetry-standards.md` stub. |
-
-## Sprint 51 – Metrics & Log Contracts
-| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
-|----|--------|----------|------------|-------------|---------------|
-| TELEMETRY-OBS-51-001 | TODO | Telemetry Core Guild, Observability Guild | TELEMETRY-OBS-50-001 | Ship metrics helpers for golden signals (histograms, counters, gauges) with exemplar support and cardinality guards. Provide Roslyn analyzer preventing unsanitised labels. | Helpers integrated in sample service; analyzer blocks forbidden label usage; unit/property tests cover bounds; documentation PR prepared. |
-| TELEMETRY-OBS-51-002 | TODO | Telemetry Core Guild, Security Guild | TELEMETRY-OBS-50-001 | Implement redaction/scrubbing filters for secrets/PII enforced at logger sink, configurable per-tenant with TTL, including audit of overrides. Add determinism tests verifying stable field order and timestamp normalization. | Scrubber defaults enforced; override API audited; determinism tests pass twice with identical output; security review sign-off recorded. |
-
-## Sprint 55 – Incident Mode Support
-| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
-|----|--------|----------|------------|-------------|---------------|
-| TELEMETRY-OBS-55-001 | TODO | Telemetry Core Guild | TELEMETRY-OBS-50-002, TELEMETRY-OBS-51-002 | Provide incident mode toggle API that adjusts sampling, enables extended retention tags, and records activation trail for services. Ensure toggle honored by all hosting templates and integrates with Config/FeatureFlag providers. | Toggle API launched; integration tests confirm sampling increase; activation events logged with tenant context; runbook updated. |
-
-## Sprint 56 – Sealed Mode Hooks
-| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
-|----|--------|----------|------------|-------------|---------------|
-| TELEMETRY-OBS-56-001 | TODO | Telemetry Core Guild | TELEMETRY-OBS-50-001, TELEMETRY-OBS-55-001 | Add sealed-mode telemetry helpers (drift metrics, seal/unseal spans, offline exporters) and ensure hosts can disable external exporters when sealed. | Helpers published; sealed-mode tests verify no external egress; docs updated with sealed guidance. |