Bump CI action dependencies to latest major versions

[tnull]

GitHub is deprecating Node.js 20 for Actions runners, with enforcement starting June 2026. Bump all action dependencies to their latest major versions which use Node.js 22+.

Co-Authored-By: HAL 9000

[ldk-reviews-bot]

👋 Hi! This PR is now in draft status.
I'll wait to assign reviewers until you mark it as ready for review.
Just convert it out of draft status when you're ready for review!

[ldk-claude-review-bot]

The fuzz job uploads with actions/upload-artifact@v7 (line 261) while the coverage job downloads with actions/download-artifact@v8 (line 86). Historically these two actions have been versioned in lockstep (v1/v1, v2/v2, v3/v3, v4/v4). The major version mismatch is unusual — please verify that upload-artifact v7 and download-artifact v8 are artifact-format compatible, or confirm whether these actions have intentionally diverged in versioning.

[ldk-claude-review-bot]

Major version bump to rustsec/audit-check@v2 — please verify that the ignore parameter syntax is still supported in v2. If the v2 API changed (e.g., switching to a different input name or format for advisory ignores), this could silently stop ignoring RUSTSEC-2021-0145 and cause spurious CI failures.

Also note: the comment on lines 22-23 still references MSRV rustc 1.63, but the project MSRV elsewhere in build.yml is 1.75. This is a pre-existing issue, not introduced by this PR.

[ldk-claude-review-bot]

Review Summary

Two inline comments posted:

1. .github/workflows/build.yml:86 — upload-artifact@v7 / download-artifact@v8 version mismatch. These actions have historically been versioned in lockstep. The fuzz job uploads at v7 and the coverage job downloads at v8 — verify these are artifact-format compatible.

2. .github/workflows/audit.yml:15 — rustsec/audit-check@v2 is a major version bump. Verify the ignore parameter is still supported with the same syntax in v2.

Cross-cutting concern

Version existence should be verified: Several of these version bumps are aggressive jumps from v4 (actions/checkout@v6 is +2 major versions, actions/upload-artifact@v7 is +3, actions/download-artifact@v8 is +4). Please confirm all target versions actually exist and are released. If any version tag doesn't exist, the workflow will fail silently at the checkout step of the action.

[tnull]

Need to double-check the bumped versions. Could be Claude messed up.