Debug Flag Left On

A compile-time feature flag named with a debug convention (`_DEBUG_*`, `_IOCTL_DEBUG_*`, `_DBG_*`) gates a security-relevant capability and is unconditionally `#define`d in production headers. No `#ifdef DEBUG` or build-system mechanism enforces the convention. The vendor's release discipline is to comment the macro out before shipping; the discipline is applied to adjacent macros and not to this one. The "debug only" contract has two manifestations in the codebase, the macro's name and an inline comment admitting what it does. The runtime sees neither.