chore(deps): cargo update lockfile

[dobby-coder]

Refreshes Cargo.lock with the transitive bumps flagged in #167.

Highlights

• aws-lc-rs 1.16.3 → 1.17.0, aws-lc-sys 0.40.0 → 0.41.0
• bincode-next 3.0.0-rc.13 → 3.0.0-rc.14
• rustls 0.23.38 → 0.23.40, rustls-pki-types 1.14.0 → 1.14.1
• tower-http 0.6.8 → 0.6.11
• wasm-bindgen 0.2.114 → 0.2.121 (+ matching -futures, -macro, -shared)
• web-sys 0.3.91 → 0.3.98, js-sys 0.3.91 → 0.3.98
• openssl 0.10.79 → 0.10.80, openssl-sys 0.9.115 → 0.9.116
• h2 0.4.13 → 0.4.14, hashbrown 0.17.0 → 0.17.1, digest 0.11.2 → 0.11.3
• cc 1.2.60 → 1.2.62, libc 0.2.185 → 0.2.186, winnow 1.0.2 → 1.0.3
• … plus the smaller transitive bumps listed by cargo update

No direct Cargo.toml edits — lockfile-only chore. No release-plz interaction (per release-plz.toml, this is a chore PR).

Verification

• cargo fmt --all -- --check — clean
• cargo clippy --all-targets -- -D warnings — clean
• cargo test — 100 passed, 0 failed
• cargo audit — 0 vulnerabilities; 1 unmaintained warning carried over from main: rustls-pemfile 1.0.4 (transitive via reqwest 0.11.27 ← irma 0.2.1). Not introduced by this PR and not addressable here — would need an irma bump.

Reviewer quickstart

git fetch origin && git checkout chore/dep-update-2026-05-19 && cargo test

Closes #167

[dobby-coder]

Status update: amd64 build, Rust quality (fmt/clippy/test), and Conventional Commit checks all pass. The arm64 Docker build job has been stuck "in_progress" on the Build and push by digest step for ~75 min (started 05:16, normal duration ~4-5 min). Looks like a hosted runner issue rather than anything in this PR. Leaving as draft until arm64 completes (or is re-run by a maintainer). All other gates green.