Fix NativeAOT round-trip for tm7 file I/O

[gholliday]

Problem

The published NativeAOT exe could neither read nor write .tm7 files. The reflection-based DataContractSerializer hits three AOT-incompatible patterns under .NET 10:

1. Dictionary<,> [DataMember] fields — DCS fell back to the ISerializable path on Dictionary<Guid,object> / Dictionary<string,SerializableThreat> / Dictionary<string,string> and tried to instantiate the internal System.Runtime.Serialization.KeyValue<K,V> for each closed generic. AOT cannot generate code for those instantiations.
2. Nullable member serialization — DCS's reflection writer invokes GetDefaultValue1 via MakeGenericMethod, which is fundamentally AOT-incompatible.
3. EmitDefaultValue=false on double/string members — same MakeGenericMethod path through XmlObjectSerializerWriteContext.GetDefaultValue1.

Fix

Model refactor

• New SerializableKvpTypes.cs with three [DataContract] KVP types + matching [CollectionDataContract] List wrappers. Element names match what DCS auto-generates (KeyValueOfguidanyType, KeyValueOfstringThreatpc_P0_PhOB, KeyValueOfstringstring) so wire compatibility with TMT is preserved.
• Borders / Lines / AllThreatsDictionary / SerializableThreat.Properties marked [IgnoreDataMember] and each backed by a private [DataMember] list field synced via [OnSerializing]/[OnDeserialized] callbacks. The public Dictionary<,> API surface is unchanged — no consumer touched.
• bool? ThreatGenerationEnabled → bool (constructor still accepts bool?; coerces null → false).
• Removed EmitDefaultValue=false from Zoom / StrokeThickness / StrokeDashArray.

Build / serializer plumbing

• Switch IL3050;IL3053 from NoWarn to WarningsNotAsErrors so BCL DCS warnings stay visible without failing the build.
• Drop dead string-typed DynamicDependency entries for KeyValue<,> closed generics (failed approach). Keep Dictionary<,>/EqualityComparer<,> preservation as defensive against future [DataMember] Dictionary<,> regressions.

Tests + CI

Test	Purpose
RoundTrip_StructuralEquivalence	Replaces the byte-for-byte test (no longer achievable).
Roundtrip_PopulatedThreatInstances_PreservesEntries	Populates AllThreatsDictionary, verifies full state round-trip.
Roundtrip_PopulatedThreatProperties_PreservesEntries	Dictionary<string,string> including empty-string edge case.
Roundtrip_PopulatedThreats_WireFormatMatchesAutoDictionary	Compares our KVP element name vs raw Dictionary<,>. Caught a wrong-name guess during development.
Roundtrip_PopulatedThreatProperties_WireFormatMatchesAutoDictionary	Same for Dictionary<string,string>.
Roundtrip_Borders_WireFormatMatchesAutoDictionary	Same for Dictionary<Guid,object>.
Roundtrip_MultipleAddRemoveCycles	Multiple mutate-save-reload cycles.
Serialize_NullDictionaries_DoesNotThrow	Guards the null-guard fix.
AotExe_Open_LoadsTemplate	Invokes published AOT exe.
AotExe_AddEntity_RoundTripsAndPreservesExistingEntities	Mutate via AOT, verify via JIT.
AotExe_PopulatedThreatsRoundTripThroughAddCommand	Most important AOT guard: JIT-writes populated threats → AOT-loads/modifies/saves → JIT-reloads → asserts preservation.

Added a Publish AOT step to .github/workflows/ci.yml ahead of Test so the integration tests actually run on every matrix leg (ubuntu / windows / macos). Tests use RuntimeInformation.RuntimeIdentifier to locate the platform-correct exe.

Total: 17 → 20 tests, all passing.

Caveats

• TMT desktop interop not auto-verified. Recommend a one-time manual check that an AOT-written .tm7 opens in the actual TMT app — the wire format diverges slightly because EmitDefaultValue=false is gone and ThreatGenerationEnabled is no longer nullable. DCS readers are tolerant; TMT-specific parsing isn't proven.
• The EmitDefaultValue=false removal cannot be worked around without AOT supporting MakeGenericMethod on BCL-internal DCS methods.

Verification

• All 20 tests pass under dotnet test.
• Manual smoke test: tm7.exe open / new / add entity all succeed against samples/template.tm7 using the published AOT binary.