authorThomas Vanbesien <tvanbesi@proton.me>2026-02-18 15:39:29 +0100
committerThomas Vanbesien <tvanbesi@proton.me>2026-02-18 15:39:29 +0100
commit99b5b4416193fafaa815746ea756900d2ab26917 (patch)
tree7d1ab48fcc2e8406df8d2606b691ee9e6911dcd0 /src/common.c
parent12989671c9f43707701a8cef8e77e34b1bf24a37 (diff)
Make client/server encryption optional, rename tests to full names
Make encryption optional for both ServerRegister's LDS client connection and the server side of ServerLDS/ServerRegister: when certificate, privateKey, and trustStore are omitted the programs run with SecurityPolicy#None only. Secure servers also add a discovery-only None endpoint so unencrypted clients can still call FindServers and GetEndpoints. Consolidate tests from 5 policy-specific cases (nosec_anon, none_user, basic256sha256_anon, aes256_anon, aes128_user) down to 3 that cover the important axes: unsecure_anonymous, secure_anonymous, secure_user. Rename directories to use full names. Auto-generate certificates and trust stores in run_test.sh. Update readme and CLAUDE.md to reflect the current program interface (unified Client binary, split ServerRegister configs) and the new test names.
Diffstat (limited to 'src/common.c')
-rw-r--r--src/common.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c
index 39a2a68..f8b08a1 100644
--- a/src/common.c
+++ b/src/common.c
@@ -356,10 +356,20 @@ createServer (UA_UInt16 port, const char *applicationUri, const char *certPath,
for (size_t i = 0; i < trustSize; i++)
trustList[i] = loadFile (trustPaths[i]);
- *retval = UA_ServerConfig_setDefaultWithSecurityPolicies (
+ *retval = UA_ServerConfig_setDefaultWithSecureSecurityPolicies (
config, port, &certificate, &privateKey, trustList, trustSize, NULL,
0, NULL, 0);
+ /* Also offer SecurityPolicy#None, but restricted to discovery
+ services (FindServers, GetEndpoints) so that unencrypted clients
+ can still discover the server without being able to open a
+ full session. */
+ if (*retval == UA_STATUSCODE_GOOD)
+ {
+ UA_ServerConfig_addSecurityPolicyNone (config, &certificate);
+ config->securityPolicyNoneDiscoveryOnly = true;
+ }
+
UA_ByteString_clear (&certificate);
UA_ByteString_clear (&privateKey);
for (size_t i = 0; i < trustSize; i++)
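Review bot: The status returned by `UA_ServerConfig_addSecurityPolicyNone (config, &certificate)` is discarded, so if adding the None policy fails, `*retval` stays `UA_STATUSCODE_GOOD` and the server starts without the discovery path the comment promises, with no error surfaced. Set `config->securityPolicyNoneDiscoveryOnly = true;` first and then assign `*retval = UA_ServerConfig_addSecurityPolicyNone (config, &certificate);`, so the None policy is never present without the restriction and a failure reaches the caller. The comment could also say that FindServers/GetEndpoints answers on this channel are unsigned and unencrypted, so clients should still validate the server certificate against their trust store before opening a secure session. createServer begins and ends outside this hunk, so how callers act on `*retval` is not visible here.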