Fix TOCTOU bug in unused_port module

[jimmygchen]

Description

The current unused_tcp*_port() and unused_udp*_port() functions in the unused_port module have a Time-of-Check-Time-of-Use (TOCTOU) vulnerability. These functions bind to port 0, get the assigned port number, then immediately close the socket. Between getting the port number and later binding to it, another process can claim the same port, causing test flakiness or binding failures.

PR #8016 by @sashaodessa proposed a fix by replacing these functions with secure APIs that return already-bound sockets:

• bind_tcp4_any() / bind_tcp6_any() → returns TcpListener
• bind_udp4_any() / bind_udp6_any() → returns UdpSocket

The PR went stale without merging. We should implement this fix to eliminate the race condition.

Steps to resolve

1. Review the changes from Fix TOCTOU vulnerability in unused_port module #8016 and update them for current unstable
2. Replace usage of the unsafe port-finding functions with the new bound socket APIs
3. Remove the old functions and LRU cache that provided false security
4. Test that the new APIs work correctly across the test suite

Additional Info

Original PR: #8016

[0xmrree]

@jimmygchen Hey new contributor here. Is it cool I work on this?