ci: ignore json5 unmaintained advisory in cargo-audit

Add --ignore flag for RUSTSEC-2025-0120 to cargo-audit workflow.
This matches the cargo-deny configuration and allows CI to pass.

The json5 crate is a transitive dependency via config 0.15.19 with no
safe upgrade path. The advisory is for unmaintained status, not a
security vulnerability.

Author: joshrotenberg

.github/workflows/security.yml

@@ -2,18 +2,18 @@ name: Security Audit
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
     paths:
-      - '**/Cargo.toml'
-      - '**/Cargo.lock'
-      - '.github/workflows/security.yml'
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/security.yml"
   pull_request:
     paths:
-      - '**/Cargo.toml'
-      - '**/Cargo.lock'
-      - '.github/workflows/security.yml'
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/security.yml"
   schedule:
-    - cron: '0 0 * * *'  # Daily at midnight UTC
+    - cron: "0 0 * * *" # Daily at midnight UTC
 
 env:
   CARGO_TERM_COLOR: always
@@ -29,23 +29,24 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-      
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a  # stable
+        uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a # stable
         with:
           toolchain: 1.89
-      
+
       - name: Cache cargo registry
-        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab  # v2.7.5
+        uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5
         with:
           cache-on-failure: true
-      
+
       - name: Install cargo-audit
         uses: taiki-e/install-action@v2
         with:
           tool: [email protected]
-      
-      - name: Run security audit
-        run: cargo audit --deny warnings
 
+      - name: Run security audit
+        run: |
+          # Ignore RUSTSEC-2025-0120: json5 unmaintained (transitive via config 0.15.19, no upgrade path)
+          cargo audit --deny warnings --ignore RUSTSEC-2025-0120