Update pyo3 to fix RUSTSEC-2026-0013 (memory corruption)

[bug-ops]

Problem

cargo deny check advisories fails due to RUSTSEC-2026-0013 in pyo3 0.28.0.

Vulnerability: Type confusion when accessing data from subclasses of native Python types with abi3 feature targeting Python 3.12+, leading to memory corruption.

Impact: Blocks CI Security Audit job for all PRs (e.g. #60).

Solution

Upgrade pyo3 to >=0.28.2:

cargo update -p pyo3

References

• Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0013
• PyO3 fix: Opaque PyObject ABI support PyO3/pyo3#5807 (comment)