Make client/server encryption optional, rename tests to full names

Make encryption optional for both ServerRegister's LDS client
connection and the server side of ServerLDS/ServerRegister: when
certificate, privateKey, and trustStore are omitted the programs
run with SecurityPolicy#None only.  Secure servers also add a
discovery-only None endpoint so unencrypted clients can still call
FindServers and GetEndpoints.

Consolidate tests from 5 policy-specific cases (nosec_anon,
none_user, basic256sha256_anon, aes256_anon, aes128_user) down to
3 that cover the important axes: unsecure_anonymous,
secure_anonymous, secure_user.  Rename directories to use full
names.  Auto-generate certificates and trust stores in run_test.sh.

Update readme and CLAUDE.md to reflect the current program
interface (unified Client binary, split ServerRegister configs)
and the new test names.

1 files changed, 5 insertions, 3 deletions

diff --git a/src/common.h b/src/common.h
index b4bd323..6d5294a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -52,9 +52,11 @@ void freeTrustStore (char **paths, size_t size);
  * @brief Creates a UA_Server, optionally configured with security policies.
  *
  * When @p certPath is non-NULL the server is initialized with encryption
- * (certificate, private key, trustlist).  When @p certPath is NULL the server
- * runs with SecurityPolicy#None only (keyPath and trustPaths are ignored).
- * The applicationUri is set in both cases.
+ * (certificate, private key, trustlist) and also adds SecurityPolicy#None
+ * restricted to discovery services (FindServers, GetEndpoints) so that
+ * unencrypted clients can still discover the server.  When @p certPath is
+ * NULL the server runs with SecurityPolicy#None only (keyPath and trustPaths
+ * are ignored).  The applicationUri is set in both cases.
  *
  * @param port Server port number.
  * @param applicationUri OPC UA application URI.