
fix(deps): resolve workflow failures and audit warnings#145

Open

richardikeda wants to merge 6 commits into main from fix-workflow-deps

Conversation

@richardikeda

Owner

Fix Workflow Dependencies Walkthrough

I have executed the planned changes on the fix-workflow-deps branch.

Changes Made

  • Build Issue Fixed: Enabled the getrandom feature for rand_core in spex-core/Cargo.toml. This ensures OsRng is correctly provided to pow.rs, preventing the trait bounds failure during workspace builds.
  • Dependencies Updated: Executed cargo update which fixed vulnerabilities (CVEs/RUSTSECs) in rustls-webpki, rand, lru, paste, and core2.
  • Ignored Unresolvable Advisories: hickory-proto 0.25.2 has known issues with no fix in the current release stream (which libp2p 0.56.0 is tied to). Added these to .cargo/audit.toml and updated deny.toml to safely ignore them without failing the CI pipeline.
  • Versioning: Bumped VERSION.md to 1.0.24.

Validation

  • cargo build --workspace completed successfully in ~2 minutes locally.
  • cargo audit reported 0 actionable errors.
  • cargo deny check advisories reported advisories ok.

Required PR Template

As mandated by AGENTS.md, below is the filled PR template that must be used when submitting this pull request:

## What
Fixes failing CI workflows related to Rust build trait errors and supply chain security vulnerabilities.

## Why
The project workflows were failing due to:
1. `rand_core::OsRng` missing the `RngCore` implementation because `getrandom` feature was missing in the library context.
2. Multiple vulnerable transitive dependencies being flagged by `cargo audit` and `cargo deny`.

## Changes
- Modified `spex-core/Cargo.toml` to explicitly require `getrandom` for `rand_core`.
- Ran `cargo update` to update `Cargo.lock` with patched dependencies (fixes for `rustls-webpki`, `rand`, `lru`, etc.).
- Created `.cargo/audit.toml` and updated `deny.toml` to explicitly track and ignore unresolvable vulnerabilities in `hickory-proto` 0.25.2, pending the next `libp2p` upgrade.
- Incremented `VERSION.md` to 1.0.24.

## Security Impact
- Does this change affect security? Yes.
- If yes:
  - This change improves supply chain security by applying upstream security patches.
  - Invariants are preserved because `rand_core::OsRng` is now consistently backed by OS entropy across all contexts.
  - We continue to enforce strict dependency checking while explicitly acknowledging known indirect flaws.

## Tests
- Added/Updated: No explicit tests were added as these are tooling and dependency fixes.
- Execution: Verified locally with `cargo build --workspace`, `cargo audit`, and `cargo deny check advisories`.

## Documentation
- No documentation updates needed as these are internal tooling and dependency changes.

## Versioning
- New version in VERSION.md: 1.0.24

## Notes for Reviewers
- Notice the explicit ignores for `RUSTSEC-2026-0118` and `RUSTSEC-2026-0119`. These belong to `hickory-proto` which is forced by `libp2p` 0.56.0. They should be reviewed and removed when we upgrade `libp2p`.

Assisted-by: AI agent (reviewed by maintainer)

Add /wrkflw-results to .gitignore to prevent generated workflow result files from being tracked by Git.
Regenerate Cargo.lock with numerous dependency version and checksum updates (various crates bumped and rand versions updated). Remove obsolete core2/iri-string entries and add a wit-bindgen entry. Also modify spex-core/Cargo.toml to enable the "getrandom" feature on rand_core to align with updated transitive dependencies.