fix: update openssl to resolve CVE-2026-41898

[dannyneira]

Summary

• Updates transitive Rust dependency openssl from 0.10.72 to 0.10.80 in Cargo.lock.
• Updates openssl-sys from 0.9.107 to 0.9.116 as part of the lockfile refresh.
• Resolves the selected openssl Dependabot alert batch for warpdotdev/tink-rust.

Vulnerabilities resolved

• CVE-2026-41898 / GHSA-hppc-g8h3-xhp3 / https://github.com/warpdotdev/tink-rust/security/dependabot/7
• CVE-2026-41681 / GHSA-ghm9-cr32-g9qj / https://github.com/warpdotdev/tink-rust/security/dependabot/8
• CVE-2026-41678 / GHSA-8c75-8mhr-p7r9 / https://github.com/warpdotdev/tink-rust/security/dependabot/9
• CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 / https://github.com/warpdotdev/tink-rust/security/dependabot/11
• CVE-2026-42327 / GHSA-xp3w-r5p5-63rr / https://github.com/warpdotdev/tink-rust/security/dependabot/12
• CVE-2026-41677 / GHSA-xmgf-hq76-4vx2 / https://github.com/warpdotdev/tink-rust/security/dependabot/10
• CVE-2026-44662 / GHSA-xv59-967r-8726 / https://github.com/warpdotdev/tink-rust/security/dependabot/13
• CVE-2026-45784 / GHSA-phqj-4mhp-q6mq / https://github.com/warpdotdev/tink-rust/security/dependabot/14

Notes

• The vulnerable dependency is transitive via native-tls / hyper-tls / rusoto_*; no manifest changes were required.
• No Dependabot update error was present for these alerts.
• No workaround such as [patch], replacement, or override was needed.

Validation

• cargo audit --json no longer reports any openssl advisories. It still reports unrelated existing findings for bytes, idna, ring, rustls, and webpki.
• cargo build passed.
• git submodule update --init --recursive && cargo test passed.

Conversation: https://staging.warp.dev/conversation/fe8be120-1e48-4071-b448-c2e1eea47c7f
Run: https://oz.staging.warp.dev/runs/019e799d-2319-75ce-a639-02052a6875f4
Co-Authored-By: Oz oz-agent@warp.dev
This PR was generated with Oz.