CI: run cargo-audit directly

Author: trae

.github/workflows/security.yml

@@ -8,7 +8,6 @@ on:
 
 permissions:
   contents: read
-  checks: write
 
 jobs:
   audit:
@@ -19,14 +18,13 @@ jobs:
       - uses: dtolnay/rust-toolchain@stable
       - name: Ensure Cargo.lock exists
         run: |
-          ls -la
-          pwd
           if [ ! -f Cargo.lock ]; then
             cargo generate-lockfile
           fi
-      - uses: rustsec/audit-check@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
+      - name: Run cargo-audit
+        run: cargo audit --file Cargo.lock
 
   deny:
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository