
fix(deps): update rustls-webpki for RUSTSEC-2026-0104 #7791

Merged
SWvheerden merged 1 commit into tari-project:development from samrusani:fix/rustsec-2026-0104-webpki
Apr 29, 2026

@samrusani
Contributor

Description

Update rustls-webpki from 0.103.12 to 0.103.13 in Cargo.lock.

This addresses RUSTSEC-2026-0104, a reachable panic in certificate revocation list parsing.

Motivation and Context

Issue #7780 reports the advisory against rustls-webpki 0.103.12. The patched stable release is 0.103.13, so this PR keeps the update lockfile-only and avoids broader TLS dependency churn.

How Has This Been Tested?

  • cargo tree -i rustls-webpki --locked
  • cargo check --locked --ignore-rust-version -p tari_p2p -p minotari_app_grpc

Note: local toolchain in this environment is rustc 1.92.0 while the workspace requires 1.93.0; therefore --ignore-rust-version was used for local cargo check verification.

What process can a PR reviewer use to test or verify this change?

  1. Confirm Cargo.lock resolves rustls-webpki 0.103.13.
  2. Run cargo tree -i rustls-webpki --locked to confirm dependency paths.
  3. Run cargo check --locked -p tari_p2p -p minotari_app_grpc with the repo-required Rust toolchain.

Breaking Changes

  • None
  • Requires data directory on base node to be deleted
  • Requires hard fork
  • Other - Please specify

Closes #7780.
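
Reviewer step 1 above, as an added example (not part of the PR or the Tari code base): a shell gate that reads a Cargo.lock and fails when any locked rustls-webpki entry is older than 0.103.13. The helper names, the constructed sample lockfile and the choice to treat every lower version as a failure are assumptions of this example.

```sh
# Added example: lockfile gate for the rustls-webpki bump (not project code).
PATCHED="0.103.13"   # patched release named in the PR description

# Print every locked version of crate $2 found in Cargo.lock file $1.
locked_versions() {
    awk -v crate="$2" '
        /^\[\[package\]\]/ { hit = 0 }
        $1 == "name" && $3 == ("\"" crate "\"") { hit = 1; next }
        hit && $1 == "version" { gsub(/"/, "", $3); print $3; hit = 0 }
    ' "$1"
}

# Succeed when dotted version $1 is lower than $2. Fields compare as numbers,
# so 0.103.9 < 0.103.13; pre-release tags are not handled.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# 0: every locked rustls-webpki is >= PATCHED; 1: an older one is present;
# 2: the crate is absent from the lockfile. Treating every lower version as
# a failure is this example's assumption.
check_lock() {
    versions=$(locked_versions "$1" rustls-webpki)
    [ -n "$versions" ] || return 2
    status=0
    for v in $versions; do
        version_lt "$v" "$PATCHED" || continue
        echo "rustls-webpki $v is older than $PATCHED" >&2
        status=1
    done
    return "$status"
}

# Constructed Cargo.lock fragment for the demo (example-app is hypothetical).
sample_lock() {
    printf '%s\n' 'version = 4' '' '[[package]]' 'name = "example-app"' \
        'version = "0.1.0"' 'dependencies = [' ' "rustls-webpki",' ']' '' \
        '[[package]]' 'name = "rustls-webpki"' "version = \"$1\""
}

tmp=$(mktemp)
sample_lock 0.103.12 > "$tmp"
check_lock "$tmp" || echo "gate rejects the pre-fix lockfile"
rm -f "$tmp"
```

In CI, call `check_lock Cargo.lock` from the repository root and fail the job on a non-zero status.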

@github-actions

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing

Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing

Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

Watch the demo

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the rustls-webpki dependency in Cargo.lock from version 0.103.12 to 0.103.13. I have no feedback to provide.

@samrusani force-pushed the fix/rustsec-2026-0104-webpki branch 3 times, most recently from 1d12d67 to 9cd7218 (April 27, 2026 22:26)
Upgrade rustls-webpki from 0.103.12 to 0.103.13 to address RUSTSEC-2026-0104.

Closes tari-project#7780.

@samrusani force-pushed the fix/rustsec-2026-0104-webpki branch from 9cd7218 to fd14948 (April 28, 2026 06:08)
@samrusani
Contributor Author

samrusani commented Apr 28, 2026

Pushed an updated commit signed via SSH (new head: fd14948).

CI is showing “action_required” with 0 jobs, so I suspect it’s just waiting for maintainer approval to run workflows on this PR/fork.

@SWvheerden merged commit e2d1e4c into tari-project:development on Apr 29, 2026
16 of 17 checks passed
Development

Successfully merging this pull request may close these issues.

RUSTSEC-2026-0104: Reachable panic in certificate revocation list parsing
