Commit 3a0ca4e

Remove dependency on rust_decimal, remove ignore of RUSTSEC-2026-0001 (#19666)
## Which issue does this PR close?

- Part of #19656

## Rationale for this change

rust_decimal is a one person crate and is released somewhat infrequently
* https://github.com/paupino/rust-decimal
* https://crates.io/crates/rust_decimal

It also uses a non-trivial number of dependencies, including https://crates.io/crates/rkyv, some sort of zero copy deserialization framework that was recently subject to a RUSTSEC security advisory, see #19656 / #19657

Since `rust_decimal` is only used for sqllogictests to parse the results from postgres, we can pretty easily remove the dependency on `rust_decimal` and inline the very small amount of functionality we need for sqllogictests

This will both decrease the build time and our dependency trail.

## What changes are included in this PR?

Removes the `rust_decimal` dependency from DataFusion and inlines the smallest required subset of decimal functionality we need for sqllogictests (which turns out to be pretty small)

## Are these changes tested?

Yes by CI

## Are there any user-facing changes?

No, this is all internal testing infrastructure
1 parent 566bcde commit 3a0ca4e

6 files changed: +139 -364 lines changed

.github/workflows/audit.yml

Lines changed: 3 additions & 4 deletions
@@ -46,7 +46,6 @@ jobs:
4646
with:
4747
tool: cargo-audit
4848
- name: Run audit check
49-
# RUSTSEC-2026-0001: https://rustsec.org/advisories/RUSTSEC-2026-0001.html
50-
# underlying rkyv is patched, but rustsec database not yet updated
51-
# Can remove when this is merged: https://github.com/rustsec/advisory-db/pull/2565
52-
run: cargo audit --ignore RUSTSEC-2026-0001
49+
# Note: you can ignore specific RUSTSEC issues using the `--ignore` flag ,for example:
50+
# run: cargo audit --ignore RUSTSEC-2026-0001
51+
run: cargo audit
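
Review bot: In the added comment lines (new lines 49-50), the example names RUSTSEC-2026-0001, the same advisory whose ignore this hunk removes, so a later reader can take the commented-out `# run: cargo audit --ignore RUSTSEC-2026-0001` for a still-relevant exception, or restore it just by uncommenting. Suggest a neutral placeholder in the example (for instance `RUSTSEC-YYYY-NNNN`) and a sentence asking that any future `--ignore` carry the advisory link and the condition for removing it, as the removed lines 49-51 did. There is also a stray space before the comma in `flag ,for example:`.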
