Update h2 to 0.3.26 to address RUSTSEC-2024-0332

[Wumpf]

What

addresses

    = ID: RUSTSEC-2024-0332
    = Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0332
    = An attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely.
      This results in an increase in CPU usage.

      Tokio task budget helps prevent this from a complete denial-of-service, as the server can still
      respond to legitimate requests, albeit with increased latency.

      More details at "https://seanmonstar.com/blog/hyper-http2-continuation-flood/.

as flagged by cargo deny

Checklist

• I have read and agree to Contributor Guide and the Code of Conduct
• I've included a screenshot or gif (if applicable)
• I have tested the web demo (if applicable):
  • Using newly built examples: rerun.io/viewer
  • Using examples from latest main build: rerun.io/viewer
  • Using full set of examples from nightly build: rerun.io/viewer
• The PR title and labels are set such as to maximize their usefulness for the next release's CHANGELOG
• If applicable, add a new check to the release checklist!

• PR Build Summary
• Docs preview
• Examples preview
• Recent benchmark results
• Wasm size tracking

[teh-cmc]

This should by updated in the cargo.toml directly too

[Wumpf]

@teh-cmc what would that look like exactly? We don't depend on h2 directly :/