access-controller: bump WIEGAND_CHANNEL to 16 (C6)

Capacity-4 channel could silently drop swipes whenever access_task
backpressured on a held lock. Audited http.rs: status page, /config
GET, /fobs GET, and /fobs (add|delete) POST all already snapshot
under their guards and drop before socket I/O; /ota upload doesn't
touch those mutexes. So channel depth was the remaining gap.

Bumped to 16, which absorbs a worst-case burst (a slow-but-eventually-
returning HTTP handler that briefly holds a mutex) without losing
physical swipes.

Author: opencode

access-controller/src/main.rs

@@ -76,7 +76,13 @@ pub struct RuntimeConfig {
 static CONFIG: StaticCell<RuntimeConfig> = StaticCell::new();
 
 // Channel for Wiegand reads -> access control task
-static WIEGAND_CHANNEL: Channel<CriticalSectionRawMutex, WiegandRead, 4> = Channel::new();
+// Bounded queue from the (interrupt-driven) Wiegand decoder to the
+// access_task. Capacity 4 was tight: any handler in http.rs that holds
+// fobs/local_fobs/settings/last_swipe across socket I/O (notably the
+// OTA upload) backpressures access_task; once 4 swipes queue up, the
+// 5th is dropped with only a warn. Bumped to 16 so a slow HTTP client
+// can't silently mask door swipes.
+static WIEGAND_CHANNEL: Channel<CriticalSectionRawMutex, WiegandRead, 16> = Channel::new();
 
 // Event buffer with peek/commit semantics for reliable delivery
 pub static EVENT_BUFFER: EventBuffer = EventBuffer::new();