TurnServer: remove workarounds and add tests for uncovered error paths

[CraziestPower]

Summary

TurnServer.cs contained two workarounds for bugs that have since been fixed upstream:

• BuildErrorCodeAttribute(code, reason) — manual ERROR-CODE construction to work around the broken STUNErrorCodeAttribute(int, string) constructor (fixed in Fix STUNErrorCodeAttribute(int, string) constructor #1509)
• VerifyMessageIntegrity(rawBytes, key) — manual HMAC verification to work around CheckIntegrity() requiring FINGERPRINT (fixed in Fix CheckIntegrity() failing when FINGERPRINT is absent #1510)

These should be replaced with the fixed library methods:

• new STUNErrorCodeAttribute(code, reason) (8 call sites)
• request.CheckIntegrity(key) (1 call site)

Additionally, 5 of the 8 STUNErrorCodeAttribute error paths have no test coverage:

1. 437 — Duplicate allocation (allocate when allocation already exists)
2. 437 — Refresh without allocation
3. 437 — CreatePermission without allocation
4. 437 — ChannelBind without allocation
5. 400 — ChannelBind missing channel number or peer address

Acceptance criteria

• Remove BuildErrorCodeAttribute() helper and replace all 8 call sites with new STUNErrorCodeAttribute(code, reason)
• Remove VerifyMessageIntegrity() helper and replace with request.CheckIntegrity(key)
• Remove the rawBytes parameter threaded through ProcessMessage and HandleAllocate
• Remove the outdated security doc comment about the workarounds
• Add 5 unit tests covering the uncovered error paths
• All 17 TurnServer tests pass