ci: make Deep Fuzzing actually run 8 hours per target

[27Bslash6]

Summary

The Deep Fuzzing (8 hours) job has been running 30 minutes per target, not 8 hours. Job name and step name lied about the actual fuzz duration.

# Was
- name: Run deep fuzz (30 minutes per target)
  run: timeout 1800 cargo fuzz run ... -max_total_time=1800

So nightly fuzzing has been delivering ~6% of the depth the dashboard suggests. For a crate doing AES-256-GCM + HKDF + LZ4 with PyO3 FFI consumers, this matters — short fuzz runs only find shallow bugs.

Changes

• timeout and -max_total_time: 1800s → 28800s (30 min → 8 h)
• Step name: "30 minutes per target" → "8 hours per target"
• Add timeout-minutes: 540 (9 h) at job level — GitHub Actions defaults to 360 (6 h), which would kill the 8-hour fuzz at the 6-hour mark.

Wall-time impact

Configuration	Per-target	Wall time	Runner-hours/night
Before	30 min	~1 h	8
After	8 h	~11 h	128

With ARC scaling 0-12 parallel runners and 16 fuzz targets, ⌈16/12⌉ × 8h ≈ 11 h wall time per nightly cron. Fits inside the 24 h cron cycle; existing cancel-in-progress concurrency rule already protects against overlap if a run drags long.

Quick Fuzz (corpus-only smoke test) stays at 120 s — that's the PR-time check and should stay fast.

Test plan

• No PR-time impact (Deep Fuzzing is if: github.event_name == 'schedule')
• First nightly after merge runs the full 8 h per target
• Confirm runner pool can sustain the load

Summary by CodeRabbit

• Tests
  • Extended security fuzzing execution duration for more comprehensive testing validation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 90fd627a-3f0f-495e-90ff-144dc5c9d146

📥 Commits

Reviewing files that changed from the base of the PR and between 936d55f and b8e81e1.

📒 Files selected for processing (1)

• .github/workflows/security.yml

---

📝 Walkthrough

Walkthrough

This PR extends the timeout configuration for the deep-fuzz security job in GitHub Actions. The job-level timeout is set to 540 minutes, and the fuzz execution timeout per target is increased from 30 minutes to 8 hours (28800 seconds) with matching documentation updates.

Changes

Deep Fuzz Timeout Configuration

Layer / File(s)	Summary
Deep fuzz timeout extension .github/workflows/security.yml	The deep-fuzz job adds a 540-minute job timeout and extends the per-target fuzz execution time from 30 minutes to 8 hours by updating the step timeout and -- -max_total_time parameter to 28800 seconds.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A fuzzy rabbit hops with glee,
Eight hours to fuzz so merrily!
From thirty minutes fast and quick,
To eight-hour sessions—what a trick! 🐰⏰

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately summarizes the main change: updating Deep Fuzzing to run 8 hours per target instead of the previous 30 minutes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/deep-fuzz-actually-eight-hours

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}