Make GDS tests stable and add better logging to unit tests

[marcschier]

Proposed changes

The following changes are contained in this pull request:

• Allow setting ReturnDiagnostics on the session factory to ensure the diagnostic settings are part of "Create" also. Set them to SymbolicIdAndText by default.
• Better logging in unit tests, now also logs to progress including exception traces, also prefixes SERVER and TEST on console to attach the logs to the server or client side.
• GDS client stability improvements to ensure client reliably reconnects between calls when connection is lost.
• Do not dispose the application certificate when it is updated from GDS client to avoid existing sessions to crash with CryptographicException. This needs more improvements later on because it is rather hacky today.
• Remove the certificate cache in CertificateFactory (as per discussion and agreement) which allowed re-enabling the older UserIdentity API
• Logging improvements here and there to analyze issues in unit tests better

Related Issues

• Fixes #

Types of changes

What types of changes does your code introduce?
Put an x in the boxes that apply. You can also fill these out after creating the PR.

• Bugfix (non-breaking change which fixes an issue)
• Enhancement (non-breaking change which adds functionality)
• Test enhancement (non-breaking change to increase test coverage)
• Breaking change (fix or feature that would cause existing functionality to not work as expected, requires version increase of Nuget packages)
• Documentation Update (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

• I have read the CONTRIBUTING doc.
• I have signed the CLA.
• I ran tests locally with my changes, all passed.
• I fixed all failing tests in the CI pipelines.
• I fixed all introduced issues with CodeQL and LGTM.
• I have added tests that prove my fix is effective or that my feature works and increased code coverage.
• I have added necessary documentation (if appropriate).
• Any dependent changes have been merged and published in downstream modules.

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

[Copilot]

Pull Request Overview

Stabilizes GDS/server-related tests and enhances observability by routing previous Console output through structured logging, introducing diagnostics mask configuration, and refactoring telemetry/session creation. Key changes include: (1) pervasive replacement of direct certificate factory usage and constructor overload removals, (2) added diagnostics/telemetry plumbing (ReturnDiagnostics masks, activity source changes), and (3) retry / connection loop refactors plus logging improvements.

Reviewed Changes

Copilot reviewed 75 out of 75 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
Tests/Opc.Ua.Server.Tests/*	Removed explicit telemetry injections; rely on default NUnitTelemetryContext and updated activity source usage.
Tests/Opc.Ua.Gds.Tests/*	Logging replaces Console writes; GDS test startup simplified; constructors adjusted for new telemetry patterns.
Tests/Opc.Ua.Client.Tests/*	Added diagnostics masks to session creation; improved logging; modified retry logic in fixtures.
Tests/Opc.Ua.Client.ComplexTypes.Tests/*	MockResolver no longer needs telemetry; updated dictionary loading with cancellation token.
Tests/Common/Logging.cs	Reworked NUnit and BenchmarkDotNet logger providers; simplified creation API and added exception formatting helpers.
Stack/Opc.Ua.Core/*	Substantial refactors: certificate parsing now uses X509CertificateLoader, ServiceResult / Exception formatting changes, removal of ActivitySource static, added diagnostics handling, updated cryptography & error helpers.
Libraries/Opc.Ua.*	Added logging, diagnostics mask plumbing, retry logic refactors, disposal guards, certificate & identity handling changes, and improved error logging.
Applications/Quickstarts.*	Updated to new UserIdentity constructors (removed telemetry parameter) and logging changes.
Directory.Packages.props	Minor package version bumps.
.editorconfig	Expanded analyzer configuration and documentation / formatting comments.

Comments suppressed due to low confidence (8)

Libraries/Opc.Ua.Gds.Server.Common/CertificateGroup.cs:525

• The CA certificate is wrapped in a using statement then stored (via intermediate assignments not shown) and later returned from Certificates[certificateType]; disposing it here leaves a disposed instance in the cache. Remove the using and manage disposal only for truly temporary instances (or clone before disposing).

            using X509Certificate2 certificate = TryGetECCCurve(certificateType, out ECCurve curve)
                ? builder.SetECCurve(curve).CreateForECDsa()
                : builder
                    .SetHashAlgorithm(
                        X509Utils.GetRSAHashAlgorithmName(Configuration.CACertificateHashSize))
                    .SetRSAKeySize(Configuration.CACertificateKeySize)
                    .CreateForRSA();
#else
            using X509Certificate2 certificate = builder
                .SetHashAlgorithm(
                    X509Utils.GetRSAHashAlgorithmName(Configuration.CACertificateHashSize))
                .SetRSAKeySize(Configuration.CACertificateKeySize)
                .CreateForRSA();

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[codecov]

Codecov Report

❌ Patch coverage is 60.22337% with 463 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.79%. Comparing base (ca43b64) to head (32bce78).

Files with missing lines	Patch %	Lines
...a.Server/Configuration/ConfigurationNodeManager.cs	66.66%	55 Missing and 7 partials ⚠️
....Certificates/X509Certificate/X509PfxUtilsDebug.cs	0.00%	60 Missing ⚠️
...Gds.Client.Common/ServerPushConfigurationClient.cs	72.76%	46 Missing and 12 partials ⚠️
...Security/Certificates/DirectoryCertificateStore.cs	68.32%	43 Missing and 8 partials ⚠️
...a.Gds.Client.Common/GlobalDiscoveryServerClient.cs	79.28%	29 Missing and 6 partials ⚠️
Libraries/Opc.Ua.Client/Session/Session.cs	17.50%	33 Missing ⚠️
Stack/Opc.Ua.Core/Types/Utils/ServiceResult.cs	47.36%	20 Missing ⚠️
...k/Opc.Ua.Core/Stack/Tcp/UaSCBinaryClientChannel.cs	0.00%	18 Missing ⚠️
...Ua.Client/Session/Factory/DefaultSessionFactory.cs	26.08%	17 Missing ⚠️
Stack/Opc.Ua.Core/Stack/Server/EndpointBase.cs	46.15%	13 Missing and 1 partial ⚠️
... and 26 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3271      +/-   ##
==========================================
- Coverage   57.81%   57.79%   -0.02%     
==========================================
  Files         365      366       +1     
  Lines       79423    79778     +355     
  Branches    13870    13863       -7     
==========================================
+ Hits        45920    46110     +190     
- Misses      29338    29515     +177     
+ Partials     4165     4153      -12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[salihgoncu]

Beyond the comments I posted, there are a lot of places where lock() statements are used that are not guaranteed to be called from synchronous methods only. These also need to be reviewed and preferrably made async-aware.