ci: add Rust guard unit tests to CI pipeline

[Copilot]

The 251 Rust unit tests for guards/github-guard/rust-guard (DIFC security guard compiled to WASM) were not part of CI — only ran locally. This let regressions like #3314 slip through.

Changes to .github/workflows/ci.yml

• Path filters: added guards/** to pull_request paths so guard changes trigger CI
• New rust-guard-test job: runs cargo test --lib in parallel with existing Go jobs
  • Uses actions-rust-lang/setup-rust-toolchain@a0b538fa (same pinned SHA as release.lock.yml)
  • Cargo caching via cache-workspaces: guards/github-guard/rust-guard
  • Concurrency control consistent with other CI jobs
• Downstream gates: smoke-copilot-pr, smoke-copilot, large-payload-tester, language-support-tester now require rust-guard-test in addition to existing jobs

[Copilot]

Pull request overview

Adds Rust guard unit tests (guards/github-guard/rust-guard) to the main CI workflow so guard regressions are caught automatically, and ensures downstream smoke/larger tests are gated on those Rust tests.

Changes:

• Expanded PR path filters to include guards/** so guard-only changes trigger CI.
• Added a new rust-guard-test job that runs cargo test --lib for the Rust guard.
• Updated downstream “trigger” jobs to require rust-guard-test in their needs list.

Show a summary per file

File	Description
.github/workflows/ci.yml	Adds guard path filtering, introduces a Rust test job, and gates downstream workflows on it.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 1

[Copilot]

Since guards/github-guard/rust-guard commits a Cargo.lock, consider running tests with --locked so CI fails if the lockfile is out of date (prevents silently resolving different dependency versions than what’s committed).

Suggested change

	run: cargo test --lib
	run: cargo test --locked --lib