Resolve upstream RustSec dependency advisories

[mdheller]

Summary

cargo audit is currently failing on upstream Rust dependency advisories discovered while validating PR #15. The PR itself adds a Python/status/operator surface and does not introduce these Rust dependencies, but the gate is now correctly surfacing upstream security debt.

Advisories observed

• RUSTSEC-2026-0007: bytes integer overflow in BytesMut::reserve; upgrade to bytes >= 1.11.1.
• RUSTSEC-2026-0104: rustls-webpki reachable panic in CRL parsing; upgrade to rustls-webpki >= 0.103.13 or compatible fixed alpha lane.
• RUSTSEC-2026-0049: rustls-webpki CRL Distribution Point matching logic; upgrade to rustls-webpki >= 0.103.10.
• RUSTSEC-2026-0098: rustls-webpki URI name constraints issue; upgrade to rustls-webpki >= 0.103.12 or compatible fixed alpha lane.
• RUSTSEC-2026-0099: rustls-webpki wildcard name constraints issue; upgrade to rustls-webpki >= 0.103.12 or compatible fixed alpha lane.
• RUSTSEC-2026-0068: tar PAX size header handling; upgrade to tar >= 0.4.45.
• RUSTSEC-2026-0067: tar::Archive::unpack_in symlink chmod issue; upgrade to tar >= 0.4.45.
• RUSTSEC-2026-0009: time stack exhaustion DoS; upgrade to time >= 0.3.47.

Acceptance criteria

• Update dependency graph or upstream source synchronization so the vulnerable crate versions are no longer present in Cargo.lock.
• Remove the temporary ignores from .cargo/audit.toml once fixed.
• cargo audit passes without temporary advisory ignores.
• Keep the wrapper safety checks and TurtleTerm packaging gates green.

Notes

This is an upstream dependency/security remediation work item. It should be handled as a bounded dependency upgrade, not hidden as incidental CI noise.