Improve plugin/package management lifecycle, validation, and runtime metadata APIs

[Copilot]

Summary

This PR enhances the WebExpress plugin/package management foundation to support dynamic management workflows needed by web-based administration.

Changes

• Added package lifecycle APIs to IPackageManager and PackageManager:
  • UploadPackage
  • InstallPackage
  • ActivatePackage
  • DeactivatePackage
  • UpdatePackage
  • UninstallPackage
  • ValidatePackage
  • GetPackages / GetPackage
• Added operation/validation result models:
  • PackageOperationResult
  • PackageValidationResult
• Extended package metadata/spec with dependencies:
  • PackageItem.Dependencies
  • PackageItemSpec.Dependencies
• Improved package update/change detection to include dependency changes.
• Hardened package extraction against unsafe archive paths (zip-slip style traversal) and now safely overwrites extracted files.
• Secured package spec deserialization using safe XML reader settings (DTD prohibited).
• Added optional SHA-256 package hash verification in validation/install flows.
• Added package dependency/version compatibility checks during activation.
• Extended plugin management visibility for runtime status/dependencies:
  • IPluginManager.GetPluginRuntimeInfos()
  • PluginRuntimeInfo
  • PluginRuntimeState
• Updated package builder to preserve package dependency declarations in generated .spec.
• Added/extended tests for:
  • package lifecycle operations
  • invalid package extension validation
  • update id mismatch rejection
  • SHA-256 verification
  • plugin runtime metadata exposure

Validation

• dotnet build src/WebExpress.WebCore.sln ✅
• dotnet test src/WebExpress.WebCore.Test/WebExpress.WebCore.Test.csproj --no-build ✅ (941 passed)
• Parallel validation:
  • Code Review ✅ (no comments)
  • CodeQL ✅ (0 alerts)

Notes

• The specific WebApp settings page class WebExpress.WebApp.WWW.Settings.System.Plugin is not in this repository; these changes provide the backend management APIs and metadata needed for that UI integration.