ci: vendor bashunit instead of installing via curl

[Chemaclass]

Vendors bashunit 0.37.0 as e2e/bashunit and runs it directly, dropping the curl | bash install step from both E2E jobs.

Why

• Deterministic, pinned bashunit release committed in the repo — same version for local and CI testing.
• No network dependency on bashunit.typeddevs.com during CI.
• No curl piped into bash.

Changes

• Add e2e/bashunit (v0.37.0, executable).
• Remove e2e/bashunit from .gitignore.
• Drop both Install bashunit curl steps in .github/workflows/e2e-tests.yml.

Verify the committed file

The vendored binary matches the official bashunit 0.37.0 release. See the Verify section of the docs. To check the sha256 locally:

DIR="e2e"; KNOWN_HASH="18f1e8354213001b80e37c722b8520ebe26ce10fce11cb20ee471ddc96a21b11"; FILE="$DIR/bashunit"; [ "$(shasum -a 256 "$FILE" | awk '{ print $1 }')" = "$KNOWN_HASH" ] && echo "bashunit verified." || echo "bashunit corrupt"

[ondrejmirtes]

I don't love commited code in the repository that isn't ours. Perhaps we could download it on demand from https://github.com/TypedDevs/bashunit/releases?

[ondrejmirtes]

Also you could make your releases immutable if they're not yet :) https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases

[Chemaclass]

@ondrejmirtes ah, alright, then I will just dump the release to latest in a new PR