One pass of cargo-audit

Upgrade some yanked dependencies to non-yanked (windows-core) and ignore
the other two warnings.

.cargo/audit.toml

@@ -0,0 +1,11 @@
+[advisories]
+ignore = [
+    # RSA Marvin Attack in `rsa`, dragged in through rustcrypto (dev builds)
+    # and adb_client (USB signing only, unrelated to marvin attack which
+    # targets decryption).
+    "RUSTSEC-2023-0071",
+    # paste crate being unmaintained is not important. it's not dealing with
+    # user-input. we could get rid of this warning by disabling the image
+    # dependency in adb-client.
+    "RUSTSEC-2024-0436",
+]