chore(windows-drivers): deny(unsafe_op_in_unsafe_fn) on the driver crates (audit §8 P0)

Lock in the explicit-unsafe-block discipline so a fn-level 'unsafe' never silently blesses its whole body (the per-site // SAFETY: comments already landed in STEP 8). Builds clean on the RTX box — no fallout. The host-wide unsafe-lint sweep + clippy::undocumented_unsafe_blocks (hundreds of blocks across Linux+Windows) are a larger dedicated follow-up.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

packaging/windows/drivers/pf-vdisplay/src/lib.rs

@@ -9,6 +9,10 @@
 //! control plane + monitor/modes (STEP 4), and swap-chain/IDD-push (STEP 5-6) fill the stubs in.
 
 #![allow(non_snake_case, clippy::missing_safety_doc)]
+// P0 lint (audit §8): an unsafe op inside an `unsafe fn` must be in an explicit `unsafe {}` block, so the
+// fn-level `unsafe` never silently blesses the whole body. (The per-site `// SAFETY:` discipline already
+// landed in STEP 8.)
+#![deny(unsafe_op_in_unsafe_fn)]
 
 #[macro_use]
 mod log;

packaging/windows/drivers/wdk-iddcx/src/lib.rs

@@ -10,6 +10,8 @@
 //! code — handled at the call site in STEP 5).
 #![no_std]
 #![allow(non_snake_case, clippy::missing_safety_doc)]
+// P0 lint (audit §8): require explicit `unsafe {}` blocks inside `unsafe fn`s.
+#![deny(unsafe_op_in_unsafe_fn)]
 
 pub use wdk_sys::iddcx;