Add dependency audits for SDK build validation #1475

Merged. ChiragAgg5k merged 1 commit into master from add-sdk-dependency-audits on Apr 24, 2026.

Conversation

@ChiragAgg5k (Member)

Summary

  • Adds dependency vulnerability audits to generated SDK build validation for PHP, Python, Ruby, Go, .NET, and Rust.
  • Keeps the existing TypeScript npm audit coverage unchanged.

Test plan

  • Parsed .github/workflows/sdk-build-validation.yml with Ruby YAML loader.
  • Reviewed the workflow diff locally.

Notes

  • actionlint is not installed in this environment, so full GitHub Actions linting was not run locally.
  • GitHub reported existing Dependabot alerts on the default branch when pushing; these new audit jobs may surface current SDK dependency advisories in CI.

@greptile-apps (Bot) commented Apr 24, 2026

Greptile Summary

This PR adds dependency vulnerability audits to the SDK build validation workflow for PHP, Python, Ruby, Go, .NET, and Rust, and pins vulnerable transitive Rust dependencies (idna, idna_adapter) at the template level.

  • The Go toolchain version was changed from the pinned 1.22.5 to floating 1.25.x — if Go 1.25 is unavailable to actions/setup-go, the entire Go matrix job will fail before govulncheck ever runs.

Confidence Score: 4/5

Safe to merge after resolving the Go version reference, which could break CI entirely for the Go SDK job.

One P1 finding: the Go version jump from pinned 1.22.5 to floating 1.25.x can break the Go CI job if the version is unavailable. All other changes (audit additions, NuGet template, Rust dep pins) look correct. Score is 4 rather than 5 due to this actionable P1.

.github/workflows/sdk-build-validation.yml — Go version line and unpinned gem install.

Important Files Changed

  • .github/workflows/sdk-build-validation.yml: Adds dependency audits for PHP, Python, Ruby, Go, .NET, and Rust. The Go version bump from pinned 1.22.5 to floating 1.25.x is a P1 issue that could break CI if the version is unavailable; gem install bundler-audit is also unpinned.
  • templates/dotnet/Directory.Build.props.twig: New template enabling NuGet audit at high severity threshold (NU1903/NU1904 as errors), scoped to the SDK project via MSBuild condition. Implementation is sound.
  • templates/rust/Cargo.toml.twig: Pins url to =2.5.4 (was >=2.4.1,<2.5) and explicitly pins idna and idna_adapter to avoid known-vulnerable transitive versions. Change looks intentional and correct.
  • src/SDK/Language/DotNet.php: Adds Directory.Build.props template to the generated file list for .NET SDKs. Straightforward addition, no issues.
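
The two unpinned tool versions the review flags above (a floating go-version for actions/setup-go and a gem install bundler-audit without a version) can be caught mechanically, in the same spirit as the Ruby YAML parse in the author's test plan. The following is an added example, not code from this PR or the project it belongs to; it assumes the step layout shown in its constructed sample workflow and the bundler-audit version in that sample is a placeholder value.

```ruby
require 'yaml'

# Constructed workflow excerpt (not the real sdk-build-validation.yml): a job with a
# floating Go version, one with an unpinned bundler-audit install, and one pinned.
SAMPLE_WORKFLOW = <<~YAML
  name: sdk-build-validation
  jobs:
    go:
      steps:
        - uses: actions/setup-go@v5
          with:
            go-version: 1.25.x
        - run: govulncheck ./...
    ruby:
      steps:
        - run: gem install bundler-audit
    ruby-pinned:
      steps:
        - run: gem install bundler-audit -v 0.9.1
YAML

# A version is considered pinned only when it is an exact x.y.z string.
PINNED = /\A\d+\.\d+\.\d+\z/

def pinned_version?(value)
  PINNED.match?(value.to_s.strip)
end

# Walks every job's steps and returns one finding per unpinned tool version; only
# the two patterns raised in the review are covered (setup-go and bundler-audit).
def audit_workflow_findings(yaml_text)
  doc = YAML.safe_load(yaml_text)
  findings = []
  (doc['jobs'] || {}).each do |job, spec|
    Array(spec['steps']).each do |step|
      if step['uses'].to_s.start_with?('actions/setup-go')
        ver = step.dig('with', 'go-version')
        findings << "#{job}: go-version #{ver.inspect} is not an exact pin" unless pinned_version?(ver)
      end
      run = step['run'].to_s
      if run.include?('gem install bundler-audit') && run !~ /\s(-v|--version)\s+\S+/
        findings << "#{job}: bundler-audit installed without a version pin"
      end
    end
  end
  findings
end
```

Feed it the real workflow file with `audit_workflow_findings(File.read('.github/workflows/sdk-build-validation.yml'))` and fail the CI step when the returned array is non-empty.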
ChiragAgg5k force-pushed the add-sdk-dependency-audits branch 3 times, most recently from ff8fd51 to 3cdda37 (April 24, 2026 10:56)
ChiragAgg5k force-pushed the add-sdk-dependency-audits branch 2 times, most recently from 9013274 to b78e8e6 (April 24, 2026 11:11)
ChiragAgg5k force-pushed the add-sdk-dependency-audits branch from b78e8e6 to 33def4f (April 24, 2026 11:22)
ChiragAgg5k merged commit 6d92120 into master (Apr 24, 2026)
93 of 94 checks passed
ChiragAgg5k deleted the add-sdk-dependency-audits branch (April 24, 2026 11:30)