This PR makes SQLiteCodeFirst FIPS compliant, needed to operate on US federal or many state government systems as it is a requirement for software vendors, replacing the SHA512Managed class with the SHA512CryptoServiceProvider.

What is FIPS compliance? FIPS stands for Federal Information Processing Standards and are US Government standards that provide a benchmark for implementing cryptographic software

SHA512CryptoServiceProvider uses the FIPS 140-2 validated (FIPS = Federal Information Processing Standards) Crypto Service Provider (CSP) while SHA256Managed does not.

- Target net10.0 in the .NET Core console demo and the test project
  (the test project moves off net48).
- Point the test project at the .NET Core demo project and register the
  EF6 SQLite provider through a code-based DbConfiguration, since modern
  .NET has no app.config provider discovery. Sign the demo so the signed
  test assembly can reference it.
- Update dependencies: EntityFramework 6.5.2, System.Data.SQLite(.EF6)
  1.0.119, Moq 4.20.72, MSTest 4.2.3.
- Convert the solution from .sln to .slnx.
- Run the unit tests on Microsoft.Testing.Platform (MSTest runner),
  opted in via global.json.
- Adapt the tests to MSTest 4: replace [ExpectedException] with
  Assert.ThrowsExactly and fix Assert.AreEqual argument order.
- Replace the package's deprecated licenseUrl with the SPDX expression
  Apache-2.0.

Enable RestorePackagesWithLockFile via Directory.Build.props so restore pins
the full transitive package graph in a packages.lock.json per project. This
makes restores reproducible and lets CI restore in locked mode to catch any
lock file that is missing or out of date.

- Add a CI workflow (build + test on push/PR to master) and a CD workflow
  (pack and publish on a v*.*.* tag). Both run on windows-latest because the
  library targets net40/net45 and the demo targets net48, and restore in
  locked mode against the committed lock files.
- Publish to NuGet with Trusted Publishing (OIDC) via NuGet/login: no
  long-lived API key, authorized by a trusted-publishing policy on nuget.org
  that names the cd.yml workflow. The nuget.org account name is provided
  through the NUGET_USER secret.
- Emit a symbol package (snupkg) and attach the package to a generated
  GitHub Release on tag.
- Run tests on Microsoft.Testing.Platform with a TRX report uploaded as a CI
  artifact (adds the Microsoft.Testing.Extensions.TrxReport extension).
- Pin the SDK in global.json so setup-dotnet installs a known version.
- Remove the AppVeyor definitions, the now-obsolete empty Version tag, and
  point the solution folder and README badges at the new workflows.

Track updates for the .NET SDK (global.json), NuGet packages and GitHub
Actions on a weekly schedule. Minor and patch updates are grouped per
ecosystem to reduce noise; major updates open their own PR. Updates are
proposed as PRs and merged manually.

gab -> gap, explicit set -> explicitly set, a own -> your own,
a additional -> an additional, you may getting -> you may get.

dotnet nuget push and gh release create relied on shell glob expansion that
works on the Ubuntu reference but not on the windows-latest runner this repo
needs (PowerShell does not expand *.nupkg for dotnet, and bash mangles the
backslashes in the workspace path). Resolve the package and release assets
explicitly with Get-ChildItem in PowerShell instead.

Bumps [dotnet-sdk](https://github.com/dotnet/sdk) from 10.0.300 to 10.0.301.
- [Release notes](https://github.com/dotnet/sdk/releases)
- [Commits](dotnet/sdk@v10.0.300...v10.0.301)

---
updated-dependencies:
- dependency-name: dotnet-sdk
  dependency-version: 10.0.301
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Entity Framework has no concept of update-cascade (it assumes immutable
keys), so the generated DDL only ever emitted ON DELETE CASCADE. Neither
ForeignKeyAttribute nor the fluent API can express ON UPDATE CASCADE.

Add an opt-in CascadeOnUpdateAttribute placed on the dependent foreign
key property. It is registered as a column annotation, survives the EF
model build, and is read back from the store model during SQL generation
to append the ON UPDATE CASCADE clause to the foreign key constraint.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>

SqliteInitializerBase already accepts a default Collation and feeds it into
SQL generation, but none of the three concrete initializers forwarded it, so
the documented "default collation" feature was unreachable without
subclassing. Add constructor overloads that pass a Collation to the base class.

SqliteDropCreateDatabaseWhenModelChanges stores the context name on each
history record and documents that a database may be shared by several
contexts, but GetHistoryRecord selected with SingleOrDefault and no Context
filter. On a shared history table that matches multiple records: IsSameModel
swallows the resulting exception and reports a model change, while SaveHistory
throws. Look the record up by context.GetType().FullName, matching what
SaveHistory writes.

ParseConnectionString split each pair on every '=' and kept only the second
segment, truncating any Data Source value that contains '=' at the first one.
Split on the first '=' only. Also assign via the dictionary indexer (last value
wins) instead of Add, so a repeated key no longer throws.

- AssociationTypeContainer: materialize the projection with ToList so
  GetAssociationTypes does not rebuild every SqliteAssociationType on each call.
- ConnectionStringParser.GetDataSource: reuse the already-parsed dictionary
  instead of parsing the connection string a second time.
- SqliteForeignKeyIndexConvention: fold the uniqueness suffix into the index
  name before escaping so it stays inside the quoted identifier instead of being
  appended after the closing quote.

Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>