fix: resolve remaining antipatterns from Roslyn architecture audit

- Fix string concatenation in structured log calls (IdentityService)
- Add AsNoTracking to read-only queries (GetUserGroupsQueryHandler)
- Add explanatory comments to catch blocks (WebhookDeliveryService, GetTenantMigrationsQueryHandler)
- Add ConfigureAwait to middleware delegate calls (AuditHttpMiddleware)

Author: iammukeshm

src/Modules/Auditing/Modules.Auditing/Infrastructure/Http/AuditHttpMiddleware.cs

@@ -20,7 +20,7 @@ public async Task InvokeAsync(HttpContext ctx)
 
         if (ShouldSkip(ctx))
         {
-            await _next(ctx);
+            await _next(ctx).ConfigureAwait(false);
             return;
         }
 
@@ -33,7 +33,7 @@ public async Task InvokeAsync(HttpContext ctx)
 
         try
         {
-            await _next(ctx);
+            await _next(ctx).ConfigureAwait(false);
             sw.Stop();
 
             await WriteSuccessAuditAsync(ctx, requestContext, responseBuffer, originalBody, sw);

src/Modules/Identity/Modules.Identity/Features/v1/Users/GetUserGroups/GetUserGroupsQueryHandler.cs

@@ -20,6 +20,7 @@ public async ValueTask<IEnumerable<GroupDto>> Handle(GetUserGroupsQuery query, C
     {
         // Validate user exists
         var userExists = await _dbContext.Users
+            .AsNoTracking()
             .AnyAsync(u => u.Id == query.UserId, cancellationToken);
 
         if (!userExists)
@@ -47,6 +48,7 @@ public async ValueTask<IEnumerable<GroupDto>> Handle(GetUserGroupsQuery query, C
 
         // Get member counts
         var memberCounts = await _dbContext.UserGroups
+            .AsNoTracking()
             .Where(ug => groupIds.Contains(ug.GroupId))
             .GroupBy(ug => ug.GroupId)
             .Select(g => new { GroupId = g.Key, Count = g.Count() })

src/Modules/Identity/Modules.Identity/Services/IdentityService.cs

@@ -78,7 +78,7 @@ public async Task StoreRefreshTokenAsync(string subject, string refreshToken, Da
         {
             _logger.LogDebug(
                 "Storing refresh token for user {UserId} in tenant {TenantId}. Token hash: {TokenHash}, Expires: {ExpiresAt}",
-                subject, tenant.Id, hashedToken[..Math.Min(8, hashedToken.Length)] + "...", expiresAtUtc);
+                subject, tenant.Id, hashedToken[..Math.Min(8, hashedToken.Length)], expiresAtUtc);
         }
 
         var result = await _userManager.UpdateAsync(user);
@@ -122,7 +122,7 @@ private async Task<FshUser> FindUserByRefreshTokenAsync(string refreshToken, str
         {
             _logger.LogDebug(
                 "Validating refresh token for tenant {TenantId}. Token hash: {TokenHash}",
-                tenantId, hashedToken[..Math.Min(8, hashedToken.Length)] + "...");
+                tenantId, hashedToken[..Math.Min(8, hashedToken.Length)]);
         }
 
         var user = await _userManager.Users

src/Modules/Multitenancy/Modules.Multitenancy/Features/v1/GetTenantMigrations/GetTenantMigrationsQueryHandler.cs

@@ -63,6 +63,7 @@ public async ValueTask<IReadOnlyCollection<TenantMigrationStatusDto>> Handle(
                 tenantStatus.PendingMigrations = pendingMigrations.ToArray();
                 tenantStatus.HasPendingMigrations = tenantStatus.PendingMigrations.Count > 0;
             }
+            // Per-tenant failure must not stop reporting on other tenants
             catch (Exception ex)
             {
                 tenantStatus.Error = ex.Message;

src/Modules/Webhooks/Modules.Webhooks/Services/WebhookDeliveryService.cs

@@ -45,6 +45,8 @@ public async Task DeliverAsync(
                     delivery.Id, url, (int)response.StatusCode);
             }
         }
+        // Broad catch is intentional: delivery failures (DNS, timeout, HTTP errors) must be
+        // recorded in the delivery log rather than crashing the caller.
         catch (Exception ex) when (ex is not OperationCanceledException)
         {
             delivery.RecordResult(0, false, ex.Message);