
Deps: Update transitive dependencies quinn-proto and aws-lc-sys #251

Merged
tvpeter merged 4 commits into bitcoindevkit:master from tvpeter:chore/sec-deps-update
Mar 25, 2026

Conversation

@tvpeter
Collaborator

@tvpeter tvpeter commented Mar 16, 2026

Description

This PR updates transitive dependencies quinn-proto and aws-lc-sys to fix identified vulnerabilities.
Other aws-lc-sys linked vulnerabilities fixed by this update include:

  • AWS-LC has Timing Side-Channel in AES-CCM Tag Verification
  • AWS-LC has PKCS7_verify Signature Validation Bypass
  • CRLs not considered authoritative by Distribution Point due to faulty matching logic in rustls-webpki v0.103.8

This PR also updates:

  • clap to v4.6
  • clap_complete to v4.6
  • env_logger to v0.11.10
  • thiserror to v2.0.18
  • tracing to v0.1.44
  • toml to v1.1.0
  • bdk_electrum to v0.23.2
  • bdk_kyoto to v0.15.4
  • bdk_redb to v0.1.1
  • reqwest to v0.13.2
  • url to v2.5.8

Fixes #249, #250, #258, #259, #260, #261, #262 and #264

All Submissions:

  • I've signed all my commits
  • I followed the contribution guidelines
  • I ran cargo fmt and cargo clippy before committing

@codecov

codecov bot commented Mar 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 11.13%. Comparing base (f32fc68) to head (fb9fe29).
⚠️ Report is 21 commits behind head on master.

@@            Coverage Diff             @@
##           master     #251      +/-   ##
==========================================
+ Coverage   10.84%   11.13%   +0.29%     
==========================================
  Files           8        8              
  Lines        2472     2488      +16     
==========================================
+ Hits          268      277       +9     
- Misses       2204     2211       +7     
Flag Coverage Δ
rust 11.13% <ø> (+0.29%) ⬆️


@tvpeter tvpeter requested a review from notmandatory March 16, 2026 12:09
Contributor

@oleonardolima oleonardolima left a comment


utACK

As far as I can tell, the aws-lc-rs and aws-lc-sys issues should be handled by a simple cargo update.

However, if you'd like to pin their version, you should also check if it's better to pin the rustls instead, as aws-lc-sys is a transitive dependency from it.

@tvpeter tvpeter self-assigned this Mar 18, 2026
@tvpeter
Collaborator Author

tvpeter commented Mar 18, 2026

As far as I can tell, the aws-lc-rs and aws-lc-sys issues should be handled by a simple cargo update.

Yes, it was a simple cargo update with the specific affected library to avoid breaking the build. In the case of aws-lc-sys, I had to update the parent library aws-lc-rs to a compatible version. As for the quinn-proto, I updated it using cargo update -p quinn-proto, testing the build and other checks.
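Both comments above turn on the same question: which direct dependency carries a transitive crate (aws-lc-sys arriving through rustls), and whether more than one version of a crate sits in the lockfile, which is what makes a bare `cargo update -p <crate>` ambiguous. The script below is an added example, not code from this PR or from bdk-cli: it parses a constructed Cargo.lock fragment (every version number and dependency edge in it is hypothetical, though the crate names echo the thread) and walks the reverse edges the way `cargo tree -i <crate>` does. The parser handles only the name/version/dependencies subset of the lockfile format.

```python
# Added example (not bdk-cli code): reverse-dependency walk over a Cargo.lock,
# answering which direct dependencies pull a crate in and how many versions of it exist.

# Constructed lockfile fragment; every version and edge here is hypothetical.
SAMPLE_LOCK = """\
[[package]]
name = "bdk-cli"
version = "0.0.0"
dependencies = ["legacy-tls", "quinn-proto", "reqwest"]
[[package]]
name = "reqwest"
version = "0.13.2"
dependencies = ["rustls"]
[[package]]
name = "quinn-proto"
version = "0.11.0"
dependencies = ["rustls"]
[[package]]
name = "rustls"
version = "0.23.0"
dependencies = [
 "aws-lc-rs",
 "rustls-webpki 0.103.8",
]
[[package]]
name = "aws-lc-rs"
version = "1.0.0"
dependencies = ["aws-lc-sys"]
[[package]]
name = "aws-lc-sys"
version = "0.1.0"
[[package]]
name = "rustls-webpki"
version = "0.103.8"
[[package]]
name = "legacy-tls"
version = "0.1.0"
dependencies = ["rustls-webpki 0.102.0"]
[[package]]
name = "rustls-webpki"
version = "0.102.0"
"""

def parse_lock(text):
    """Map (name, version) -> [(dep_name, dep_version_or_None), ...]."""
    packages, current = [], None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if line == "[[package]]":
            current = {"deps": []}
            packages.append(current)
        elif current is None or " = " not in line:
            continue  # blank lines and top-level keys such as `version = 3`
        else:
            key, _, value = line.partition(" = ")
            if key == "dependencies":
                while not value.rstrip().endswith("]"):  # multi-line array form
                    value += next(lines)
                for item in value.strip("[] ").split(","):
                    parts = item.strip().strip('"').split()
                    if parts:  # "name" or "name version (source)"
                        current["deps"].append((parts[0], parts[1] if len(parts) > 1 else None))
            else:
                current[key] = value.strip('"')
    return {(p["name"], p["version"]): p["deps"] for p in packages}

def versions_of(pkgs, name):
    """All versions of `name` in the lockfile; more than one means `-p name` needs a version."""
    return sorted(v for n, v in pkgs if n == name)

def reverse_deps(pkgs):
    """Invert the edge list: (name, version) -> the packages that depend on it."""
    rdeps = {}
    for key, deps in pkgs.items():
        for dname, dver in deps:
            # A bare name in a lockfile is only valid when a single version exists.
            targets = [(dname, dver)] if dver else [k for k in pkgs if k[0] == dname]
            for t in targets:
                if t in pkgs:
                    rdeps.setdefault(t, []).append(key)
    return rdeps

def dependency_paths(pkgs, target_name):
    """Every chain root -> ... -> target, one per route and per target version."""
    rdeps, paths = reverse_deps(pkgs), []
    def climb(key, chain):
        parents = rdeps.get(key, [])
        if not parents:  # reached a root, i.e. a workspace member
            paths.append(" -> ".join(f"{n} {v}" for n, v in reversed(chain)))
        for parent in parents:
            if parent not in chain:  # guard against dev-dependency cycles
                climb(parent, chain + [parent])
    for key in pkgs:
        if key[0] == target_name:
            climb(key, [key])
    return sorted(paths)

if __name__ == "__main__":
    for crate in ("aws-lc-sys", "rustls-webpki"):
        print(crate, versions_of(parse_lock(SAMPLE_LOCK), crate), dependency_paths(parse_lock(SAMPLE_LOCK), crate))
```

On the constructed input, aws-lc-sys is reached only through rustls (via reqwest and via quinn-proto), which is the reviewer's point that pinning rustls is the more direct lever, while rustls-webpki shows up in two versions with two different parents, which is the situation the commit message describes and the reason a single `cargo update -p` may need the version spelled out.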

@tvpeter tvpeter added the chore Non-coding related work label Mar 18, 2026
@tvpeter tvpeter added this to the CLI 3.0.0 milestone Mar 19, 2026
@tvpeter tvpeter moved this to Ready to Review in BDK-CLI Mar 20, 2026
@tvpeter tvpeter force-pushed the chore/sec-deps-update branch from f45c616 to 059eed4 Compare March 24, 2026 15:11
tvpeter added 4 commits March 25, 2026 04:40
Because we have different versions of rustls-webpki
in the project dependency, this updated version
is a dependency of `rustls`
This PR also updates:
- clap to v4.6
- clap_complete to v4.6
- env_logger to v0.11.10
- thiserror to v2.0.18
- tracing to v0.1.44
- toml to v1.1.0
- bdk_electrum to v0.23.2
- bdk_kyoto to v0.15.4
- bdk_redb to v0.1.1
- reqwest to v0.13.2
- url to v2.5.8
@tvpeter tvpeter force-pushed the chore/sec-deps-update branch from 8bbbe44 to fb9fe29 Compare March 25, 2026 05:39
Member

@notmandatory notmandatory left a comment


I'm OK with bumping the version in Cargo.toml and doing the cargo update to fix transient dependencies. For this project it should be OK to be on latest stable everything and make sure known vulnerabilities are fixed.

tACK fb9fe29

% cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 995 security advisories (from /Users/steve/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (351 crate dependencies)
% 

@tvpeter tvpeter merged commit b788a8d into bitcoindevkit:master Mar 25, 2026
9 checks passed
@github-project-automation github-project-automation bot moved this from Ready to Review to Done in BDK-CLI Mar 25, 2026

Labels

chore Non-coding related work

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

RUSTSEC-2026-0037: Denial of service in Quinn endpoints

3 participants