Commit cf5214d

lwshang and claude authored
chore: fix Rust dependency vulnerabilities (#462)

* chore: cargo update

* chore: remove resolved vulnerability ignores from audit.toml

  RUSTSEC-2026-0001 and RUSTSEC-2026-0037 are no longer blocking as the affected crate versions have been upgraded to safe ones in Cargo.lock.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: upgrade winreg to 0.56.0

  Resolves RUSTSEC-2026-0037 indirectly — winreg 0.56.0 updates windows-sys to 0.61.2, which is required by the safe quinn-proto version.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: upgrade bollard to 0.20.2 and fix breaking API changes

  Model types moved from `bollard::secret` to `bollard::models` in 0.20.2.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

1 parent 6d2d331 commit cf5214d

5 files changed

+432
-375
lines changed

.cargo/audit.toml

Lines changed: 0 additions & 2 deletions
@@ -1,8 +1,6 @@
11
[advisories]
22
ignore = [
33
"RUSTSEC-2025-0140", # gix-date UTF-8 contract issue dependency of cargo-generate
4-
"RUSTSEC-2026-0001", # rkyv undefined behavior on OOM dependency of byte-unit
5-
"RUSTSEC-2026-0037", # quinn-proto DoS - transitive via reqwest/ic-agent, quinn feature not used
64

75
# Unmaintained crates (transitive dependencies)
86
"RUSTSEC-2021-0127", # serde_cbor - dependency of ic-agent/ic-transport-types

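Review bot: the two removed ignore entries (old lines 4-5, RUSTSEC-2026-0001 for rkyv and RUSTSEC-2026-0037 for quinn-proto) are only safe to drop if the Cargo.lock in this commit resolves both crates to patched versions, and this hunk cannot show that. Confirm that cargo audit passes against the committed lockfile with these lines gone. Separately, the entries that remain, such as "RUSTSEC-2025-0140", carry a reason but no condition for removal; a short note on which upgrade would clear each one would make the next cleanup like this one easier to spot.
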