chore(codeql): readonly fields and TryGetValue cleanups

[rlorenzo]

What

Five small CodeQL cleanups, behavior-preserving:

• readonly on single-assignment static fields (verified never reassigned):
  • VMACSService.sharedClient
  • RolesTests._sqlLiteConnection, _sqlLiteContextOptions
• TryGetValue instead of ContainsKey + indexer (single lookup):
  • RotationsController.BuildRecentCliniciansList recent-clinicians map — used TryGetValue (not GetValueOrDefault) to preserve exact behavior, since PersonDisplayFullName is nullable
  • EmergencyContactControllerTests phone-validation assertion

Resolves cs/missed-readonly-modifier (#211, #212, #213) and cs/inefficient-containskey (#475, #479).

Scope notes

Other alerts in the same batch were dismissed rather than changed: cs/local-shadows-member ×3 (idiomatic configure-setters) and cs/missed-ternary-operator ×4 (subjective style / one not type-valid as a ternary).

The agy review surfaced a separate pre-existing URL-encoding concern in VMACSService.Search (DB-sourced loginID, low exploitability) — left out of this PR to keep it scoped; tracked as a follow-up.

[codecov-commenter]

Bundle Report

Bundle size has no change ✅

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.49%. Comparing base (f6dbe72) to head (2186c20).

Files with missing lines	Patch %	Lines
...inicalScheduler/Controllers/RotationsController.cs	0.00%	2 Missing ⚠️
web/Areas/Directory/Services/VMACSService.cs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #224   +/-   ##
=======================================
  Coverage   44.49%   44.49%           
=======================================
  Files         895      895           
  Lines       51655    51655           
  Branches     4812     4812           
=======================================
  Hits        22983    22983           
  Misses      28108    28108           
  Partials      564      564           

Flag	Coverage Δ
backend	44.64% <0.00%> (ø)
frontend	41.32% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[Copilot]

Pull request overview

This PR applies small, behavior-preserving CodeQL cleanups across the web app and test suite by (1) marking single-assignment static fields as readonly and (2) replacing ContainsKey + indexer patterns with TryGetValue to avoid double lookups.

Changes:

• Marked static HttpClient and SQLite test fixtures as readonly where they are never reassigned.
• Replaced ContainsKey + indexer with TryGetValue in RotationsController and an emergency-contact unit test to avoid redundant dictionary lookups.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
web/Areas/Directory/Services/VMACSService.cs	Marks the shared static HttpClient as readonly.
web/Areas/ClinicalScheduler/Controllers/RotationsController.cs	Uses TryGetValue for the recent-clinicians lookup to avoid double dictionary access.
test/Students/EmergencyContactControllerTests.cs	Uses TryGetValue for a single-lookup assertion on validation errors.
test/RAPS/RolesTests.cs	Marks static SQLite connection/options as readonly.