Implement OPC UA Reverse Connect as defined in Part 6, Section 7.1.3 of the OPC UA specification.
In normal OPC UA, the client opens a TCP connection to the server. Reverse Connect inverts this: the server initiates the outbound TCP connection to a listening client, sends a ReverseHello message, and then the client drives the rest of the handshake (Hello/Ack/OpenSecureChannel/CreateSession) as usual. This enables servers behind firewalls or NAT to reach clients in a DMZ or IT network without requiring inbound firewall rules on the server side.
Requirements
Protocol layer (stack-core):
- ReverseHello message type (RHE) with serverUri and endpointUrl fields
- Integration with existing TcpMessageEncoder/TcpMessageDecoder
Transport layer:
- Client: OpcTcpReverseConnectTransport — binds a ServerBootstrap to accept inbound server connections, decodes ReverseHello, performs handshake via UascClientReverseHelloHandler
- Server: OpcTcpReverseConnectServerTransport — connects outbound to a client address, sends ReverseHello via UascServerReverseHelloHandler
- FSMs for both sides managing connection lifecycle, reconnection, and exponential backoff
SDK layer:
- Server: ReverseConnectManager for managing outbound connections with dynamic add/remove, idle socket invariant enforcement (spec requirement: always maintain at least one idle connection per registered client)
- Server: OpcUaServer.addReverseConnect()/removeReverseConnect() API
- Client: OpcUaClient.createReverseConnect() factory with integrated two-pass discovery (GetEndpoints over reverse connection, then endpoint selection)
- Client: DiscoveryClient.getEndpoints()/findServers() overloads accepting OpcTcpReverseConnectTransportConfig
Session integration:
- ChannelStateObservable interface implemented by both forward and reverse transports
- Transparent session reactivation on reconnection via existing SessionFsm
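
Because the client side now listens for inbound connections, ReverseHello is the first data it reads from a peer it has not yet authenticated. The sketch below is an added example, not Milo code and not part of the original request: it shows strict decoding of that message plus a serverUri allowlist check before the client sends Hello. The class and method names, the allowlist parameter and the sample URIs are hypothetical; the wire layout (8-byte header, two length-prefixed UTF-8 strings, 4096-byte field limit) and the one-message-per-frame input are assumptions based on OPC UA Part 6.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Added example, not Milo code: strict ReverseHello validation on the listening client.
public class ReverseHelloCheck {
    record ReverseHello(String serverUri, String endpointUrl) {}
    static final int HEADER_SIZE = 8;   // "RHE" + reserved 'F' + UInt32 message size
    static final int MAX_FIELD = 4096;  // per-string limit (assumption from Part 6)

    // frame is assumed to hold exactly one complete message.
    static ReverseHello parse(byte[] frame, Set<String> knownServerUris) {
        if (frame.length < HEADER_SIZE) throw new IllegalArgumentException("truncated header");
        ByteBuffer buf = ByteBuffer.wrap(frame).order(ByteOrder.LITTLE_ENDIAN);
        byte[] type = new byte[4];
        buf.get(type);
        if (!"RHEF".equals(new String(type, StandardCharsets.US_ASCII)))
            throw new IllegalArgumentException("not a ReverseHello");
        if (buf.getInt() != frame.length) throw new IllegalArgumentException("size mismatch");
        String serverUri = readString(buf);
        String endpointUrl = readString(buf);
        if (buf.hasRemaining()) throw new IllegalArgumentException("trailing bytes");
        // The peer is unauthenticated here: only continue for registered servers.
        if (!knownServerUris.contains(serverUri)) throw new SecurityException("unknown serverUri");
        return new ReverseHello(serverUri, endpointUrl);
    }

    static String readString(ByteBuffer buf) {
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated length");
        int len = buf.getInt();  // -1 encodes a null string; rejected here
        if (len < 0 || len > MAX_FIELD || len > buf.remaining())
            throw new IllegalArgumentException("bad string length " + len);
        byte[] bytes = new byte[len];
        buf.get(bytes);
        return new String(bytes, StandardCharsets.UTF_8);
    }

    static byte[] encode(String serverUri, String endpointUrl) {
        byte[] s = serverUri.getBytes(StandardCharsets.UTF_8);
        byte[] e = endpointUrl.getBytes(StandardCharsets.UTF_8);
        int size = HEADER_SIZE + 4 + s.length + 4 + e.length;
        ByteBuffer buf = ByteBuffer.allocate(size).order(ByteOrder.LITTLE_ENDIAN);
        buf.put("RHEF".getBytes(StandardCharsets.US_ASCII)).putInt(size);
        buf.putInt(s.length).put(s).putInt(e.length).put(e);
        return buf.array();
    }

    public static void main(String[] args) {
        byte[] frame = encode("urn:example:plc-1", "opc.tcp://plc-1.example:4840"); // constructed sample
        System.out.println(parse(frame, Set.of("urn:example:plc-1")));
        try { parse(frame, Set.of("urn:example:other")); }
        catch (SecurityException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

The allowlist only filters which peers the client continues the handshake with; the serverUri is self-asserted, so server identity still has to be established by certificate validation during OpenSecureChannel.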