Fix ref safety holes in delegate conversions across old/new rule boundaries

[Copilot]

Fix ref safety holes in delegate conversions

This PR fixes a ref safety hole that occurred when converting methods from old-rules assemblies to delegates in new-rules contexts (issue #76087).

Summary of Changes

Core Fix (Binder_Conversions.cs)

Added validation in CheckParameterModifierMismatchMethodConversion to detect when:

1. A delegate (synthesized or custom) is being created from a method group
2. The target method and delegate have mismatched escape rules (old vs new)
3. The method signature involves ref structs or ref/out parameters that could violate ref safety

When all conditions are met, a new error (ERR_RefSafetyInDelegateConversion) is now reported at the delegate conversion point with a clear, user-friendly error message.

Breaking Change: This check applies to ALL delegates (both synthesized and custom), not just synthesized delegates. Cross-version delegate conversions that previously produced warnings will now produce errors when ref-safety violations exist. This is necessary because the ref-safety hole exists for all delegate types when crossing old/new rule boundaries.

New Error Code

• Added ERR_RefSafetyInDelegateConversion (9340) with message: "Cannot convert method group '{0}' to delegate type '{1}' due to mismatched ref safety requirements between the method and delegate."
• This provides much clearer feedback to users compared to generic delegate mismatch errors, explicitly explaining the ref safety issue.
• Updated ErrorFacts.cs to properly handle the new error code.

Test Updates

• Updated RefSafetyRules_SynthesizedDelegate test to expect error at delegate conversion for synthesized delegates
• Updated RefSafetyRules_CustomDelegate test to expect error for custom delegates
• Added 4 new comprehensive tests covering:
  • Out parameters
  • Both methods using new rules (no error expected)
  • Both methods using old rules (no error expected)
  • No ref structs involved (no error expected)
• Updated 2 existing tests that were affected by the fix
• Additional test updates needed for ~12 tests that previously expected warnings in cross-version scenarios
• All test expectations now use the new error code with improved messaging

Testing

• Core tests pass for synthesized and custom delegate scenarios
• Additional test updates in progress for cross-version scenarios that now report errors instead of warnings

Impact

This change prevents ref safety violations that could occur when using delegates as a boundary between old and new ref safety rules, making the compiler more robust and safer while providing clear, actionable error messages to users about what went wrong. This is a breaking change that upgrades certain cross-version warnings to errors to properly address the ref-safety hole.

Fixes #76087

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Synthesized delegates allow ref safety holes on the boundary of old and updated rules</issue_title>
<issue_description>```cs
[Fact]
public void RefSafetyRules_SynthesizedDelegate()
{
var source1 = """
public static class C
{
public static R M(ref int x) => new R { F = ref x };
}
public ref struct R
{
public ref int F;
}
""";
var ref1 = CreateCompilation(source1, targetFramework: TargetFramework.Net70)
.VerifyDiagnostics().EmitToImageReference();

var source2 = """
    R r;
    {
        int x = 1;
        r = C.M(ref x);

        var d = C.M;
        r = d(ref x);
    }
    """;
CreateCompilation(source2, [ref1], parseOptions: TestOptions.Regular10).VerifyDiagnostics(
    // (4,9): error CS8347: Cannot use a result of 'C.M(ref int)' in this context because it may expose variables referenced by parameter 'x' outside of their declaration scope
    //     r = C.M(ref x);
    Diagnostic(ErrorCode.ERR_EscapeCall, "C.M(ref x)").WithArguments("C.M(ref int)", "x").WithLocation(4, 9),
    // (4,17): error CS8168: Cannot return local 'x' by reference because it is not a ref local
    //     r = C.M(ref x);
    Diagnostic(ErrorCode.ERR_RefReturnLocal, "x").WithArguments("x").WithLocation(4, 17));

}

There is no error reported at `r = d(ref x);` even though the call is equivalent to `r = C.M(ref x);` where a ref safety error is reported.

NOTE: Adding tests mentioning this issue in https://github.com/dotnet/roslyn/pull/75930.</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
<comment_new><author>@RikkiGibson</author><body>
I think the most reasonable solution here would be to make the delegate conversion an error, when a difference between the target method and delegate signatures is violating ref safety.

Basically I think if there is some "old rules" method involving refs and ref structs, which user wants to make a delegate for in a newer project, they may have to do some contortions for the delegate type they declare, or enter an unsafe context and suppress a warning to proceed.</body></comment_new>
</comments>

Fixes #76087

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[jjonescz]

@copilot