fix: zizmor issues

[storopoli]

Description

Similar to alpenlabs/rust-template-workspace#16

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature/Enhancement (non-breaking change which adds functionality or enhances an existing one)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactor
• New or updated tests
• Dependency update
• Security fix

Notes to Reviewers

Similar fix as alpenlabs/asm#3.

Checklist

• I have performed a self-review of my code.
• I have commented my code where necessary.
• I have updated the documentation if needed.
• My changes do not introduce new warnings.
• I have added tests that prove my changes are effective or that my feature works.
• New and existing tests pass with my changes.

Related Issues

[AaronFeickert]

Does this remove crates.io publishing altogether?

[storopoli]

Does this remove crates.io publishing altogether?

Yes, for now. I still need to know how to bring it back in the template in light of "trusted publishing" given the latest issues with supply-chain attacks.

Ref: https://blog.rust-lang.org/2025/07/11/crates-io-development-update-2025-07/ and https://doc.rust-lang.org/cargo/reference/publishing.html#github-permissions

[storopoli]

We're still using the old way to publish crates.io crates with github in bitcoind-async-client and bitcoin-bosd and we silence the warning in zizmor.yml, see https://github.com/alpenlabs/bitcoind-async-client/blob/bd874228457c4e646672614868d9910058fb4294/zizmor.yml#L4