[AZ-PENDING-1] [AZ-PENDING-2] Testability fixes: JWKS gate + RMQ DNS

C01 (JWKS HTTPS env gate, src/Auth/JwtExtensions.cs)
  Gate HttpDocumentRetriever.RequireHttps on
  ASPNETCORE_ENVIRONMENT != "E2ETest" (case-insensitive). HTTPS is
  still enforced for Development, Staging, Production, and any
  unset value. Test harness can now serve JWKS over plain HTTP via
  the mock issuer documented in _docs/02_document/tests/environment.md.

C02 (RabbitMQ host DNS resolution, src/Services/FailsafeProducer.cs)
  Resolve RABBITMQ_HOST via DNS when the value is not a literal IP.
  Adds ResolveHostAddress(host, ct) helper that uses
  IPAddress.TryParse first, then Dns.GetHostAddressesAsync. Fixes
  a latent production bug (operators using a DNS hostname like
  "rabbitmq" or "broker.internal" got a FormatException at startup)
  and unblocks the e2e Docker test harness where the broker is
  reachable only via service-name DNS.

Review report: _docs/03_implementation/reviews/batch_01_review.md
  Verdict PASS_WITH_WARNINGS (1 Low/Maintainability finding,
  documented as deferred to Step 8 hardening).

Tracker IDs are placeholders — Jira MCP unavailable. Real IDs to be
assigned per _docs/_process_leftovers/2026-05-14_testability-tracker.md.

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/_autodev_state.md

@@ -6,9 +6,9 @@ step: 4
 name: Code Testability Revision
 status: in_progress
 sub_step:
-  phase: 3
-  name: phase-2-task-decomposition
-  detail: ""
+  phase: 4
+  name: phase-4-implementation-runner
+  detail: "review PASS_WITH_WARNINGS; commit pending"
 retry_count: 0
 cycle: 1
 tracker: local