Bump @actions/http-client from 2.2.3 to 3.0.2

Update to v3.0.2 which bumps undici from 5.28.4 to 6.23.0,
fixing CVE-2026-22036. v4.0.0 is ESM-only and incompatible
with ncc bundling, so using v3.x instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: hsbt