chore: pin Kuestenlogik.Bowire to exact 1.4.4, drop CPM floating-versions opt-in

Switches Directory.Packages.props from the floating 1.4.* pin (which
required CentralPackageFloatingVersionsEnabled=true to bypass NU1011)
to the exact 1.4.4 pin. Reasons:

- Reproducible builds: same commit, same binaries, forever.
- Dependabot actually sees the updates: with a floating range it
  silently absorbs 1.4.x patch / minor bumps without a PR; with an
  exact pin each bump is a reviewable PR that runs CI first.
- NuGet default shape: no opt-in flag, no NU1011 workaround required.

Bowire 1.4.x is plugin-contract-compatible, so the runtime behaviour
doesn't change — the dep graph just becomes deterministic across
rebuilds. When Bowire 1.4.5 ships, Dependabot opens a PR; CI green-
lights it; auto-merge takes care of the rest.

Author: thomas-stegemann

Directory.Packages.props

@@ -1,9 +1,6 @@
 <Project>
   <PropertyGroup>
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
-    <!-- Required so the floating "1.4.*" pin on Kuestenlogik.Bowire below
-         resolves under Central Package Management (NU1011 otherwise). -->
-    <CentralPackageFloatingVersionsEnabled>true</CentralPackageFloatingVersionsEnabled>
   </PropertyGroup>
   <ItemGroup>
     <!-- Bowire contract package. Also carries the mock-emitter contract
@@ -12,7 +9,7 @@
          interface. During local development consume from
          ../Bowire/artifacts/packages (see nuget.config); release
          builds resolve the same id from nuget.org. -->
-    <PackageVersion Include="Kuestenlogik.Bowire" Version="1.4.*" />
+    <PackageVersion Include="Kuestenlogik.Bowire" Version="1.4.4" />
 
     <!-- Test-only -->
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.5.1" />