refactor: DRY persistence registration, server-side EF sorting, security hardening

- P0: Replace hardcoded connection string fallback with throw in Program.cs
- P1.1: Extract AddPersistenceModule<TDbContext,TStore,TReader,TImpl>() generic
  method in ChengYuanEntityFrameworkCoreServiceCollectionExtensions, simplifying
  5 persistence module registrations from 5 lines each to 1 line
- P1.2: Move OrderBy/ThenBy before ToArrayAsync in EfPermissionGrantStore,
  EfFeatureValueStore, EfSettingValueStore so sorting runs at database level
- P2: Add UnauthorizedAccessException->403 test for GlobalExceptionMiddleware
  and 7 Identity endpoint integration tests (GET/POST/PUT/DELETE users & roles)
- P3.5: Extract JWT claim type magic strings to named constants in
  CurrentUserMiddleware

Tests: 373 total (8 new), all passing

Author: Hongwei-MB

src/Applications/AuditLogging/ChengYuan.AuditLogging.Persistence/AuditLoggingPersistenceServiceCollectionExtensions.cs

@@ -1,6 +1,5 @@
 using ChengYuan.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace ChengYuan.AuditLogging;
 
@@ -10,11 +9,7 @@ public static IServiceCollection AddAuditLoggingPersistence(this IServiceCollect
     {
         ArgumentNullException.ThrowIfNull(services);
 
-        services.AddConfiguredDbContext<AuditLoggingDbContext>();
-        services.AddConfiguredDbContextFactory<AuditLoggingDbContext>();
-        services.AddEntityFrameworkCoreDataAccess<AuditLoggingDbContext>();
-        services.TryAddSingleton<IAuditLogStore, EfAuditLogStore>();
-        services.TryAddSingleton<IAuditLogReader>(serviceProvider => serviceProvider.GetRequiredService<IAuditLogStore>());
+        services.AddPersistenceModule<AuditLoggingDbContext, IAuditLogStore, IAuditLogReader, EfAuditLogStore>();
 
         return services;
     }

src/Applications/AuditLogging/ChengYuan.AuditLogging.Persistence/packages.lock.json

@@ -1,6 +1,5 @@
 using ChengYuan.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
 
 namespace ChengYuan.FeatureManagement;
 
@@ -10,11 +9,7 @@ public static IServiceCollection AddFeatureManagementPersistence(this IServiceCo
     {
         ArgumentNullException.ThrowIfNull(services);
 
-        services.AddConfiguredDbContext<FeatureManagementDbContext>();
-        services.AddConfiguredDbContextFactory<FeatureManagementDbContext>();
-        services.AddEntityFrameworkCoreDataAccess<FeatureManagementDbContext>();
-        services.TryAddSingleton<IFeatureValueStore, EfFeatureValueStore>();
-        services.TryAddSingleton<IFeatureValueReader>(serviceProvider => serviceProvider.GetRequiredService<IFeatureValueStore>());
+        services.AddPersistenceModule<FeatureManagementDbContext, IFeatureValueStore, IFeatureValueReader, EfFeatureValueStore>();
 
         return services;
     }

src/Applications/FeatureManagement/ChengYuan.FeatureManagement.Persistence/FeatureManagementPersistenceServiceCollectionExtensions.cs

@@ -30,13 +30,13 @@ public async ValueTask<IReadOnlyList<FeatureValueRecord>> GetListAsync(Cancellat
     {
         await using var dbContext = await dbContextFactory.CreateDbContextAsync(cancellationToken);
         var entities = await dbContext.FeatureValues
+            .OrderBy(featureValue => featureValue.Scope)
+            .ThenBy(featureValue => featureValue.Name)
+            .ThenBy(featureValue => featureValue.TenantId)
+            .ThenBy(featureValue => featureValue.UserId)
             .ToArrayAsync(cancellationToken);
 
         return entities
-            .OrderBy(featureValue => featureValue.Scope)
-            .ThenBy(featureValue => featureValue.Name, StringComparer.Ordinal)
-            .ThenBy(featureValue => featureValue.TenantId)
-            .ThenBy(featureValue => featureValue.UserId, StringComparer.Ordinal)
             .Select(MapToRecord)
             .ToArray();
     }

src/Applications/FeatureManagement/ChengYuan.FeatureManagement.Persistence/Stores/EfFeatureValueStore.cs

@@ -0,0 +1,41 @@
+{
+  "version": 2,
+  "dependencies": {
+    "net10.0": {
+      "Microsoft.CodeAnalysis.PublicApiAnalyzers": {
+        "type": "Direct",
+        "requested": "[5.0.0-1.25277.114, )",
+        "resolved": "5.0.0-1.25277.114",
+        "contentHash": "jhR84dGvszupV7ccc8BE1HJdBt49jHaZcBgwLBmwsJ4Ci5bRBrX1Te7TgrRUsWaAICDNZzWT5sEiqXHdA4pfjg=="
+      },
+      "Microsoft.DotNet.ILCompiler": {
+        "type": "Direct",
+        "requested": "[10.0.5, )",
+        "resolved": "10.0.5",
+        "contentHash": "yadTZIkStCVsG8nGwvfroSfBApPsgjQbodQyaIfp53dgayE0qhZpywixiCB6lx57JYQ+KVg1m1AFLrj54pxpZg=="
+      },
+      "Microsoft.NET.ILLink.Tasks": {
+        "type": "Direct",
+        "requested": "[10.0.5, )",
+        "resolved": "10.0.5",
+        "contentHash": "A+5ZuQ0f449tM+MQrhf6R9ZX7lYpjk/ODEwLYKrnF6111rtARx8fVsm4YznUnQiKnnXfaXNBqgxmil6RW3L3SA=="
+      }
+    },
+    "net10.0/osx-arm64": {
+      "Microsoft.DotNet.ILCompiler": {
+        "type": "Direct",
+        "requested": "[10.0.5, )",
+        "resolved": "10.0.5",
+        "contentHash": "yadTZIkStCVsG8nGwvfroSfBApPsgjQbodQyaIfp53dgayE0qhZpywixiCB6lx57JYQ+KVg1m1AFLrj54pxpZg==",
+        "dependencies": {
+          "runtime.osx-arm64.Microsoft.DotNet.ILCompiler": "10.0.5"
+        }
+      },
+      "runtime.osx-arm64.Microsoft.DotNet.ILCompiler": {
+        "type": "Transitive",
+        "resolved": "10.0.5",
+        "contentHash": "Kyh5mVD60xdgfUKn6hE989GZBv1Pw1IaWP6Eikf3A9RuSiMyq6XhD5JJsCFiKJ8iDuM782yx5pIus60Dzjk7gQ=="
+      }
+    }
+  }
+}