Fix 5 bugs from shopfloor-setup transcript review

1. UDC JSON ACL: set on directory C:\ProgramData\UDC\ with
   ContainerInherit+ObjectInherit instead of the file. UDC_Setup.exe
   gets killed by KillAfterDetection before UDC.exe creates
   udc_settings.json, so the file doesn't exist at ACL-grant time.
   Directory-level ACL with inheritance covers any file created later.

2. Set-MachineNumber.ps1 auto-running: the type-specific loop's
   Get-ChildItem -Filter "*.ps1" picked up the desktop tool alongside
   the numbered installer scripts. Added Where-Object { $_.Name -match
   '^\d' } so only numbered-prefix scripts (01-eDNC, 02-ACLs) run.

3. WJ Shopfloor copy-to-self: Phase 1 sweep moved WJ Shopfloor.lnk
   into Shopfloor Tools\, then Phase 2's Find-ExistingLnk found it
   there and tried to Copy-Item to the same path. Now checks if
   resolved source path == destination and prints "exists: (already
   in Shopfloor Tools)" instead of erroring.

4. NTLARS missing from taskbar pins: the $pinSpec entry was never
   added to 07-TaskbarLayout.ps1 despite the comment update. Added
   between eDNC and Defect_Tracker in pin order.

5. shutdown /a stderr noise: 15+ red "Unable to abort system shutdown"
   lines in the transcript from shutdown.exe writing to stderr when no
   shutdown is pending. Changed all occurrences in Run-ShopfloorSetup,
   00-PreInstall-MachineApps to: cmd /c "shutdown /a 2>nul" *>$null
   which suppresses both native stderr and PS error stream.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

playbook/shopfloor-setup/Run-ShopfloorSetup.ps1

@@ -26,7 +26,7 @@ Write-Host ""
 reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null
 
 # Cancel any pending reboot so it doesn't interrupt setup
-shutdown -a 2>$null
+cmd /c "shutdown /a 2>nul" *>$null
 
 # Prompt user to unplug from PXE switch before re-enabling wired adapters
 Write-Host ""
@@ -96,7 +96,7 @@ if (Test-Path $baselineDir) {
             Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)"
             continue
         }
-        shutdown /a 2>$null
+        cmd /c "shutdown /a 2>nul" *>$null
         Write-Host "Running baseline: $($script.Name)"
         try {
             & $script.FullName
@@ -110,9 +110,14 @@ if (Test-Path $baselineDir) {
 if ($pcType -ne "Shopfloor") {
     $typeDir = Join-Path $setupDir $pcType
     if (Test-Path $typeDir) {
-        $scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File | Sort-Object Name
+        # Only run numbered scripts (01-eDNC.ps1, 02-MachineNumberACLs.ps1).
+        # Unnumbered .ps1 files (Set-MachineNumber.ps1) are desktop tools,
+        # not installer scripts, and must not auto-run during setup.
+        $scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File |
+                   Where-Object { $_.Name -match '^\d' } |
+                   Sort-Object Name
         foreach ($script in $scripts) {
-            shutdown /a 2>$null
+            cmd /c "shutdown /a 2>nul" *>$null
             Write-Host "Running $pcType setup: $($script.Name)"
             try {
                 & $script.FullName
@@ -137,7 +142,7 @@ foreach ($name in $runAfterTypeSpecific) {
         Write-Warning "Deferred script not found: $script"
         continue
     }
-    shutdown /a 2>$null
+    cmd /c "shutdown /a 2>nul" *>$null
     Write-Host "Running deferred baseline: $name"
     try {
         & $script