fix(ci): harden CI pipeline -- remove || true, fix versions
- Remove all `|| true` from govulncheck, cargo audit, npm audit,
lint, and format check steps (was masking real failures)
- Remove `continue-on-error: true` from stream-server build step
- Fix Go version mismatch: CI 1.21 -> 1.23 (matches go.mod 1.23.8)
- Upgrade Node.js from 18 to 20 (current LTS)
- Replace deprecated actions-rs/toolchain@v1 with dtolnay/rust-toolchain@stable
- Upgrade all GitHub Actions to v4/v5 (checkout, setup-go, setup-node, cache)
- Make gofmt check fail properly on unformatted files
Addresses audit findings: A05 (Security Misconfiguration), A08 (Software
& Data Integrity), debt item 5 (CI || true everywhere).
Co-authored-by: Cursor <cursoragent@cursor.com>
ce6347b73c