Security: Mitigate tantivy/lru unsound advisory chain #15

@saagar210

Tracking unsound advisory in lru pulled transitively through Tantivy/Lance stack.

Advisories in this track:

  • RUSTSEC-2026-0002 (lru)

Current dependency chain evidence:

  • lru -> tantivy -> lance-index/lance/lancedb -> assistsupport

Planned mitigation path:

  1. Monitor tantivy/lance ecosystem for patched lru dependency.
  2. Evaluate whether dependency override to fixed lru is safe once upstream compatibility is confirmed.
  3. Remove waiver immediately after dependency graph update.

Parent issue: #11
