refactor(ocpp): integrate unified auth as sole authorization mechanism (#1764)

refactor(ocpp): integrate unified auth as sole authorization mechanism (#1764)

* refactor(ocpp): route v1.6 auth through unified system, remove legacy functions

* refactor(ocpp): replace OCPP 2.0 inline auth with unified auth service

* test(ocpp): update OCPP 1.6 authorization tests for unified auth path

* test(ocpp): add OCPP 2.0 unified auth integration tests

* chore: pass all quality gates

* [autofix.ci] apply automated fixes

* refactor(ocpp): pass correct AuthContext to isIdTagAuthorized callers

REMOTE_START for RemoteStartTransaction, RESERVATION for ReserveNow.
ATG keeps the default TRANSACTION_START.

* refactor(ocpp): use auth barrel index instead of deep imports

* refactor(ocpp): use auth barrel for all external imports

* refactor(ocpp): remove redundant 'unified' naming from auth system

* refactor(ocpp): extract authorizeToken helper and fix rejection test assertions

* test(ocpp): add coverage for auth error and context parameter paths

* test(ocpp): remove redundant tests and unnecessary JSDoc from authorization tests

* refactor(ocpp): address review feedback — explicit switch cases, parameterize context, merge imports

* fix(ocpp): preserve OCPP 2.0 token type in authorizeToken per C01.FR.25

authorizeToken was hardcoding IdentifierType.ID_TAG, causing all
Authorize.req to carry type 'Local' regardless of the actual token
type (ISO14443, eMAID, etc.). Pass the OCPP 2.0 token type through
and use mapOCPP20TokenType for proper mapping.

Also fix log message attribution and deduplicate OCPPAuthServiceFactory
from the dynamic import (already available via static import).

* refactor(ocpp): eliminate unnecessary dynamic imports and synchronize auth factory

Extract isIdTagAuthorized to IdTagAuthorization.ts to break the
OCPPServiceUtils ESM evaluation cycle, enabling static imports from
the auth barrel. Convert AuthComponentFactory, OCPPAuthServiceFactory,
and OCPPAuthServiceImpl to fully synchronous APIs. Remove the
globalThis Symbol hack that was needed for cross-module-instance
sharing. Move getMessageTypeString to utils/Utils.ts where it belongs.

- 9 dynamic imports eliminated (20 → 11, remaining are inheritance cycles)
- Auth factory chain fully sync (getInstance, createAdapter, initialize)
- IdTagAuthorization.ts imports auth/index.js barrel statically
- Tests relocated to follow moved code
- All barrel exports consolidated between components

* build: add skott for type-aware circular dependency detection

Add skott as devDependency with a circular-deps script that scans
the entire src/ directory using --no-trackTypeOnlyDependencies to
ignore import type (unlike madge which reports false positives).
Exit code 0 for now since known cycles exist — switch to 1 when
integrated in CI.

* build: override effect>=3.20.0 to fix CVE-2026-32887 (skott transitive dep)

* refactor: break UI server circular dependency via IBootstrap DIP

Introduce IBootstrap interface to decouple AbstractUIService from the
Bootstrap singleton import. Bootstrap implements IBootstrap and is
injected through the UIServerFactory → AbstractUIServer → UIService
chain. This structurally eliminates the cycle:
AbstractUIServer → UIServiceFactory → AbstractUIService → Bootstrap →
UIServerFactory → UIHttpServer → extends AbstractUIServer.

Also removes the cross-component re-export workaround in
charging-station/index.ts (getMessageTypeString from utils/) that
was only needed to preserve ESM evaluation order around this cycle.

- Circular dependency paths: 177 → 39 (type-aware, skott)
- Short cycles (depth ≤ 4): 7 → 4
- ErrorUtils now imports getMessageTypeString from its own component

* test: fix mock isolation and type safety in UI server tests

Move mockBootstrap to beforeEach for per-test isolation.
Remove as-never cast by providing all SimulatorState fields.
Remove unnecessary JSDoc on self-documenting mock factory.

* fix: align auth barrel section headers with exports, use barrel for CertificateAuthStrategy import

* refactor(auth): eliminate code duplication, dead code, and type casts

- DRY: Replace duplicated mappers in OCPP20AuthAdapter with shared
  mapToOCPP20TokenType/mapOCPP20TokenType from AuthTypes
- DRY: Extract duplicated enhanceResult from Local/Remote strategies
  into shared enhanceAuthResult in AuthTypes
- Dead code: Remove unused parseIntegerVariable from OCPP20AuthAdapter
- YAGNI: Remove unused AuthHelpers from barrel export
- Type safety: Add getAuthCache() to AuthStrategy interface, eliminating
  3 concrete as-LocalAuthStrategy casts in OCPPAuthServiceImpl

* fix(auth): preserve OCPP 2.0 Central/Local token type in adapter mapping

Remove post-processing that collapsed Central/Local to ID_TAG in
OCPP20AuthAdapter.convertToIdentifier. The shared mapOCPP20TokenType
correctly returns CENTRAL/LOCAL, which downstream code uses for spec
compliance (C03.FR.01 skip Authorize.req for Central tokens, C11
cache exclusion for Central identifiers).

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>