bump rustls-webpki to 0.103.13 #3008

Open
AlexMelanFromRingo wants to merge 1 commit into ultraworkers:main from AlexMelanFromRingo:bump-rustls-webpki

@AlexMelanFromRingo

Summary

  • bump rustls-webpki 0.103.10 -> 0.103.13 in rust/Cargo.lock

Why

rustls-webpki 0.103.10 is reachable via reqwest -> hyper-rustls -> rustls -> rustls-webpki and has three open advisories:

  • RUSTSEC-2026-0098: name constraints for URI names were incorrectly accepted
  • RUSTSEC-2026-0099: name constraints accepted for certificates asserting a wildcard name
  • RUSTSEC-2026-0104: reachable panic in CRL parsing

0.103.13 is the first patched release in the 0.103.x line. Lockfile-only bump, no Cargo.toml changes needed since the existing constraint already accepts it.

Testing

  • cargo build --workspace --all-targets
  • cargo test --workspace (1117 passed, 0 failed)
  • cargo audit (the three rustls-webpki advisories no longer fire)

Notes

The remaining audit output is unrelated to this PR (bincode and yaml-rust are unmaintained advisories; the telemetry 0.1.0 hit is a name collision between this workspace's local telemetry crate and an unrelated published crate that shares its name+version).

Architectural permission-model issues spotted during the same audit pass are filed separately as #3007 and are not addressed here.
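
Added example (not part of the pull request or the project's code): a std-only Rust check that can run in CI next to cargo audit and fails when Cargo.lock still resolves rustls-webpki below 0.103.13 in the 0.103.x line. The `Status` enum, the function names and the sample lockfile are constructed for illustration; versions outside 0.103.x are reported as `OtherLine` because the PR only states the fix for that line.

```rust
use std::{env, fs, process};
#[derive(Debug, PartialEq)]
enum Status { Vulnerable, Patched, OtherLine, Unparsed }

// Constructed sample lockfile; the rustls version is a placeholder.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "rustls"
version = "0.0.0"
dependencies = ["rustls-webpki"]

[[package]]
name = "rustls-webpki"
version = "0.103.10"
"#;

// Classify a resolved version against the 0.103.13 fix named in the PR.
fn classify(version: &str) -> Status {
    let mut it = version.split('.').map(|p| p.parse::<u64>().ok());
    match (it.next().flatten(), it.next().flatten(), it.next().flatten(), it.next()) {
        (Some(0), Some(103), Some(p), None) if p < 13 => Status::Vulnerable,
        (Some(0), Some(103), Some(_), None) => Status::Patched,
        (Some(_), Some(_), Some(_), None) => Status::OtherLine, // PR only speaks to 0.103.x
        _ => Status::Unparsed, // pre-release tag or odd format: review by hand
    }
}

// Collect every rustls-webpki entry; a lockfile can hold more than one version.
fn check_lockfile(lock: &str) -> Vec<(String, Status)> {
    let mut out = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        let field = |key: &str| block.lines().find_map(|l| {
            let (k, v) = l.split_once('=')?;
            (k.trim() == key).then(|| v.trim().trim_matches('"').to_string())
        });
        if field("name").as_deref() != Some("rustls-webpki") { continue; }
        if let Some(v) = field("version") { out.push((v.clone(), classify(&v))); }
    }
    out
}

fn main() {
    // Pass a Cargo.lock path; with no argument the constructed sample is checked.
    let text = env::args().nth(1).map_or(SAMPLE_LOCK.to_string(), |p| fs::read_to_string(p).expect("read lockfile"));
    let found = check_lockfile(&text);
    found.iter().for_each(|(v, s)| println!("rustls-webpki {v}: {s:?}"));
    let bad = found.iter().any(|(_, s)| matches!(s, Status::Vulnerable | Status::Unparsed));
    process::exit(bad as i32); // non-zero fails the CI step
}
```

Because it reads only the lockfile, the check also catches a later `cargo update -p` or merge that moves the resolved version back below the patched release.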
