RUSTSEC-2025-0134 rustls-pemfile crate is no longer maintained

[leighmcculloch]

The cargo deny job in the ci workflow is erroring with:

    ├ ID: RUSTSEC-2025-0134
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2025-0134
    ├ The rustls-pemfile crate is no longer maintained. The repository has been archived since August
      2025, and users are encouraged to depend directly on the underlying PEM parsing code included
      in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper
      around the same code used in rustls-pki-types, so migrating should be straightforward.
      
      The new API is represented by the [`PemObject`][PemObject] trait, which provides methods for
      reading a single or multiple PEM objects from a file or byte slice.
      
      [PemObject]: https://docs.rs/rustls-pki-types/latest/rustls_pki_types/pem/trait.PemObject.html
    ├ Announcement: https://github.com/rustls/pemfile/issues/61
    ├ Solution: No safe upgrade is available!
    ├ rustls-pemfile v1.0.4
      └── rustls-native-certs v0.6.3
          └── hyper-rustls v0.24.2
              └── jsonrpsee-http-client v0.20.4
                  ├── soroban-cli v23.3.0
                  │   ├── doc-gen v23.3.0
                  │   ├── soroban-test v23.3.0
                  │   └── stellar-cli v23.3.0
                  └── stellar-rpc-client v23.2.1
                      ├── soroban-cli v23.3.0 (*)
                      └── soroban-test v23.3.0 (*)

Ref: https://github.com/stellar/stellar-cli/actions/runs/20120963963/job/57740830196?pr=2324

[leighmcculloch]

Seems pretty odd to me to block PRs when a crate gets marked as unmaintained. Presumably, there's some probably very lengthy period of time where this is okay, it doesn't really matter, and it needs to go into a queue for someone to have a look at at some point.

[leighmcculloch]

Oops, it's not actually blocking PRs, it is just a warning. 😄