Add to the OPC UA client config + connect path:
- SecurityPolicy (None/Basic256Sha256/Aes128Sha256RsaOaep/Aes256Sha256RsaPss), MessageSecurityMode (None/Sign/SignAndEncrypt), client application-instance certificate (cert+key paths, application URI), server certificate trust store + reject-untrusted, user identity (Anonymous/Username-Password/X.509). Anonymous/None stays opt-in.
- Acceptance: connect to a server with Basic256Sha256 + SignAndEncrypt + username/password and a trusted client cert; read tags + receive events; Anonymous/None still works.
Add to the OPC UA client config + connect path: