Add CI workflow for fuzzing, coverage, and golden vector validation

[Smithsonion007]

Summary

• add a GitHub Actions workflow to run fuzz smoke tests across Linux, macOS, and Windows with nightly long-run coverage
• generate coverage reports on Ubuntu and upload results as workflow artifacts
• add reusable scripts to orchestrate cargo-fuzz execution and golden vector validation

Testing

• not run (workflow change only)

---

https://chatgpt.com/codex/tasks/task_e_690702013570833197ab2c1ba4350fd0

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Grant actions:write permission for artifact uploads

The workflow configures a restricted token with permissions: contents: read, which implicitly disables the actions scope. Both the coverage and nightly fuzz jobs call actions/upload-artifact@v4, which needs actions: write to create artifacts. As written, every run will fail when the upload step tries to publish coverage or fuzzing corpora because the token lacks the required permission (Resource not accessible by integration). Add actions: write (or remove the restriction) so artifact uploads succeed.

Useful? React with 👍 / 👎.