PHPC-2695 Replace deprecated bson_append_array_begin with bson_append_array_unsafe_begin

[GromNaN]

Replace the deprecated bson_append_array_begin with bson_append_array_unsafe_begin, the non-deprecated equivalent introduced in libmongoc 2.3.0.

Fix PHPC-2695

[Copilot]

Pull request overview

Updates the extension and CI/build metadata to support libmongoc 2.3.0 by replacing a deprecated libbson API usage, while also bumping tracked libmongoc/libmongocrypt versions and adding a regression test around cursor cleanup behavior.

Changes:

• Replace deprecated bson_append_array_begin calls with bson_append_array_unsafe_begin in BSON encoding.
• Bump referenced dependency versions (mongo-c-driver 2.3.0, libmongocrypt 1.17.3) across build configs, CI, and SBOM.
• Add a new PHPT regression test ensuring killCursors is issued after a connection error during getMore.

Reviewed changes

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
tests/cursor/bug2660-001.phpt	Adds a regression test asserting killCursors is sent after a getMore connection failure.
src/phongo_bson_encode.c	Switches to bson_append_array_unsafe_begin to avoid deprecated API usage.
src/LIBMONGOCRYPT_VERSION_CURRENT	Updates tracked libmongocrypt version to 1.17.3.
scripts/update-sbom.sh	Adjusts docker invocation used to regenerate the SBOM.
sbom.json	Updates SBOM component versions/refs for libmongocrypt and mongo-c-driver.
config.w32	Updates bundled libmongoc source list for Windows builds consistent with newer libmongoc.
config.m4	Raises minimum system library versions and improves configure-time error messages.
.github/workflows/tests.yml	Updates system-libs CI job to use libmongoc 2.3.0 and libmongocrypt 1.17.3; fixes env context usage.
.github/actions/linux/build-libmongocrypt/action.yml	Switches apt repo usage and pins libmongocrypt-dev to the requested patch version.
.evergreen/config/templates/build/build-libmongoc.yml	Updates Evergreen build variables to libmongoc 2.3.0 / r2.3.
.evergreen/config/generated/build/build-libmongoc.yml	Regenerates Evergreen config with updated libmongoc version variables.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[alcaeus]

LGTM. Interesting this is now marked as "unsafe" -- I wonder what the safe alternative to this would be.

[GromNaN]

Good question:

The distinction is:

• _unsafe_begin uses a plain bson_t *child — the caller is responsible for appending keys as "0", "1", "2", etc. (BSON array keys must be consecutive integer strings). If you append arbitrary string keys into a bson_t obtained this way, you get a malformed array. There's no enforcement.
• bson_array_builder_begin/end uses an opaque bson_array_builder_t **child — this builder automatically generates the correct integer keys, so you can't accidentally produce an invalid array.

The _unsafe suffix means "we don't enforce correct array key sequencing for you" — it's the same underlying operation but without the guardrail.

For the PHP driver's use case, _unsafe_begin is perfectly fine because phongo_zval_to_bson_internal already generates the correct "0", "1", ... keys from PHP array indices. There's no benefit from the builder's auto-keying, and migrating to
bson_array_builder_t would require a more invasive refactor of that recursive encoding path.