Describe the enhancement

We should audit github actions to make sure an attacker can't publish compromised bdk-ffi binaries.

see: https://discord.com/channels/753336465005608961/754077749282471937/1317184034010435625

Use case

See documentation for zizmor.

Additional context

See: bitcoindevkit/bdk#1775.