Commit 31d765b
Add FlowLogger-based step tracing and enrollment hardening

Ports the FlowLogger pattern from Keyfactor/barracuda-wafasaas-orchestrator
and adapts it for an IAnyCAPlugin. The accumulated step breadcrumb is
appended to EnrollmentResult.StatusMessage on both success and failure,
so operators see a scannable per-step summary in the Command UI instead
of just a single exception message.

Changes:
- FlowLogger.cs: ported verbatim from barracuda with namespace changed
to Keyfactor.Extensions.CAPlugin.Acme. Added StepAsync<T> overload
for async methods that return a value.
- Enroll: wraps each stage (ValidateInput, FormatCsr, LoadConfig,
CreateHttpClient, InitAcmeAccount, CreateAcmeClient, DecodeCsr,
ExtractDomainsFromCsr, CreateOrder, ExtractOrderIdentifier,
FinalizeOrder, DownloadCertificate, EncodeCertificateToPem) as a
timed flow.Step. Success returns include flow.GetSummary(); failure
paths include DescribeException(ex) + flow.GetSummary().
- ProcessAuthorizations: takes the flow and records per-domain work in
three branches (StageDnsRecords / VerifyAndSubmit / CleanupDnsRecords),
so the breadcrumb shows which specific domain failed when a challenge
breaks.
- DescribeException helper: unwraps AggregateException/TargetInvocation
wrappers, surfaces HttpRequestException context, and truncates
overlong messages so the summary stays readable.
- Initialize: added ValidateConfigForEnrollment — fails fast (at save
time, not first enroll) on missing DirectoryUrl/Email, non-absolute
or non-http(s) DirectoryUrl, mismatched EAB key pair, or negative
DnsPropagationDelaySeconds.

Build: net6.0 / net8.0 / net10.0 — 0 errors, pre-existing warnings only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent c01c652 commit 31d765b
2 files changed
Lines changed: 559 additions & 158 deletions
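
The fail-fast configuration checks listed under Initialize, sketched as an added example; this is not the commit's or the project's code. `AcmeConfigSketch`, `ConfigValidationSketch`, `EabKid` and `EabHmacKey` are hypothetical names, and "mismatched EAB key pair" is assumed to mean that only one half of the pair is set.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical config shape: DirectoryUrl, Email and DnsPropagationDelaySeconds
// are named in the commit message; EabKid and EabHmacKey are assumed names.
public sealed class AcmeConfigSketch
{
    public string DirectoryUrl { get; set; }
    public string Email { get; set; }
    public string EabKid { get; set; }
    public string EabHmacKey { get; set; }
    public int DnsPropagationDelaySeconds { get; set; }
}

public static class ConfigValidationSketch
{
    // Collects every problem instead of stopping at the first, so one save
    // attempt reports the whole list to the operator.
    public static IReadOnlyList<string> Validate(AcmeConfigSketch c)
    {
        var errors = new List<string>();

        if (string.IsNullOrWhiteSpace(c.DirectoryUrl))
            errors.Add("DirectoryUrl is required.");
        else if (!Uri.TryCreate(c.DirectoryUrl.Trim(), UriKind.Absolute, out var uri))
            errors.Add("DirectoryUrl must be an absolute URL.");
        // The scheme check also rejects file: URIs, which is how a bare
        // "/path" parses as an absolute URI on Unix hosts.
        else if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
            errors.Add("DirectoryUrl must use http or https.");

        if (string.IsNullOrWhiteSpace(c.Email))
            errors.Add("Email is required.");

        // Assumed meaning of "mismatched EAB key pair": one half set, the other empty.
        if (string.IsNullOrWhiteSpace(c.EabKid) != string.IsNullOrWhiteSpace(c.EabHmacKey))
            errors.Add("EAB key id and HMAC key must be supplied together.");

        if (c.DnsPropagationDelaySeconds < 0)
            errors.Add("DnsPropagationDelaySeconds cannot be negative.");

        return errors;
    }

    // Fail fast: throw from the save path so a bad config never reaches Enroll.
    public static void ThrowIfInvalid(AcmeConfigSketch c)
    {
        var errors = Validate(c);
        if (errors.Count > 0)
            throw new ArgumentException("Invalid ACME configuration: " + string.Join(" ", errors));
    }
}
```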