eng: fix OpenTelemetry.Api vulnerability by pinning >= 1.15.1 and updating GitHubActionsTestLogger to 3.0.3

- Pin GitHubActionsTestLogger to 3.0.3 (was floating, resolved to 3.0.1)
- Add explicit OpenTelemetry.Api >= 1.15.1 lower bound to Test group
- paket.lock now resolves OpenTelemetry.Api to 1.15.3 (fixes GHSA-g94r-2vxg-569j)
- 37 tests pass; dotnet restore no longer errors with NU1902

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: github-actions[bot]

paket.dependencies

@@ -55,7 +55,8 @@ group Test
     nuget NUnit3TestAdapter
     nuget FsUnit  4.2.0
     nuget FsCheck 2.16.6
-    nuget GitHubActionsTestLogger
+    nuget GitHubActionsTestLogger 3.0.3
+    nuget OpenTelemetry.Api >= 1.15.1
 
 group Benchmarks
     frameworks: net8.0

paket.lock

@@ -440,7 +440,7 @@ NUGET
       FSharp.Core (>= 5.0.2)
       NETStandard.Library (>= 2.0.3)
       NUnit (>= 3.13.2 < 3.14)
-    GitHubActionsTestLogger (3.0.1)
+    GitHubActionsTestLogger (3.0.3)
     Microsoft.ApplicationInsights (3.0)
       Azure.Monitor.OpenTelemetry.Exporter (>= 1.6)
     Microsoft.Bcl.AsyncInterfaces (10.0.3)
@@ -528,7 +528,7 @@ NUGET
       Microsoft.Extensions.Diagnostics.Abstractions (>= 8.0)
       Microsoft.Extensions.Logging.Configuration (>= 8.0)
       OpenTelemetry.Api.ProviderBuilderExtensions (>= 1.15)
-    OpenTelemetry.Api (1.15)
+    OpenTelemetry.Api (1.15.3)
       System.Diagnostics.DiagnosticSource (>= 10.0)
     OpenTelemetry.Api.ProviderBuilderExtensions (1.15)
       Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0)