
chore: replace tempdir with tempfile, clearing CVE RUSTSEC-2023-0018#5

Merged
ndreno merged 1 commit into main from chore/security-advisories on May 13, 2026

Conversation


@ndreno ndreno commented May 13, 2026

Summary

`tempdir` 0.3.7 has been deprecated since 2018 and transitively pulls in `remove_dir_all` 0.5.3, which has an unfixed race-condition CVE (RUSTSEC-2023-0018). Both crates reach the tree only via cargo-typify's integration tests (dev-dependency), so there's no production exposure, but cargo-deny rightly flags the chain.

This PR:

  • Swaps the dependency for `tempfile` 3.27 in both workspace and `cargo-typify` dev-deps.
  • Migrates the seven test sites in `cargo-typify/tests/integration.rs` from `TempDir::new("cargo-typify")` to `TempDir::with_prefix("cargo-typify")` (preserves the prefix semantics).
  • Drops two now-irrelevant ignores from `deny.toml`: RUSTSEC-2018-0017 (tempdir unmaintained) and RUSTSEC-2023-0018 (the CVE).

Remaining advisory ignores

Two unmaintained-crate warnings stay ignored because we can't clear them from our side:

| RUSTSEC | Crate | Why we can't fix |
| --- | --- | --- |
| 2025-0056 | `adler` 1.0.2 | Transitive via `miniz_oxide` (→ flate2/png). Waiting on ecosystem. |
| 2024-0436 | `paste` 1.0.15 | Transitive via `schema-derive` (a dev-dep of `typify-impl`). Not a security issue. |

Test plan

  • `cargo fmt --all -- --check`
  • `cargo clippy --workspace --all-targets --locked --exclude typify-test -- -D warnings`
  • `cargo test --workspace --locked` — all 17 test binaries pass, including the 9 cargo-typify integration tests on the new tempfile API
  • `cargo deny check advisories` — clean with trimmed ignore list
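As an added illustration of what the trimmed `deny.toml` advisories section can look like after this change (this is not the repository's actual file, which the PR does not show; the per-entry comment wording is assumed), with the two removed ids kept in a comment for contrast:

```toml
# deny.toml, [advisories] section: illustrative, not the repository's own file.
# Every remaining ignore records the dependency chain and the condition under
# which it can be deleted, so a later reviewer can tell a stale entry from a
# live one instead of silently carrying it forward.
[advisories]
ignore = [
    # RUSTSEC-2025-0056: adler 1.0.2 unmaintained.
    # Transitive via miniz_oxide (-> flate2/png); waiting on the ecosystem.
    # Delete once `cargo tree -i adler` no longer lists the crate.
    "RUSTSEC-2025-0056",

    # RUSTSEC-2024-0436: paste 1.0.15 unmaintained.
    # Transitive via schema-derive, a dev-dep of typify-impl; not a security issue.
    # Delete once `cargo tree -i paste` no longer lists the crate.
    "RUSTSEC-2024-0436",

    # Dropped by this PR and shown only for contrast. Both crates left the tree
    # when tempdir was replaced by tempfile, so the ignores would only mask a
    # future reintroduction of the same chain:
    #   "RUSTSEC-2018-0017",  # tempdir unmaintained
    #   "RUSTSEC-2023-0018",  # remove_dir_all race condition
]
```

With this list, `cargo deny check advisories` reports clean, and reintroducing `tempdir` anywhere in the workspace fails the check again instead of being absorbed by a leftover ignore.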

`tempdir` 0.3.7 has been deprecated for years and pulls in
`remove_dir_all` 0.5.3, which has an unfixed race-condition CVE
(RUSTSEC-2023-0018). Both reach the tree only via cargo-typify's
integration tests (dev-dependency), so there's no production exposure,
but cargo-deny rightly flags the chain.

Swaps the dependency for `tempfile` 3.27 and updates the seven test
sites to use `TempDir::with_prefix("cargo-typify")` instead of
`TempDir::new("cargo-typify")` (preserving the prefix semantics).

deny.toml drops the two now-irrelevant ignores (RUSTSEC-2018-0017 for
tempdir itself, RUSTSEC-2023-0018 for the transitive CVE). Two ignores
remain — `adler` and `paste` — both transitive dev-dep concerns we
cannot resolve from our side; the comments explain the chain.
@ndreno ndreno merged commit 13f292b into main May 13, 2026
8 checks passed
@ndreno ndreno deleted the chore/security-advisories branch May 13, 2026 09:56