fix: update ring to resolve CVE-2025-4432

[dannyneira]

Summary

• Updates the GCP KMS TLS/auth stack so transitive ring resolves to patched 0.17.14 for CVE-2025-4432.
• Migrates the small GCP KMS HTTP client from Hyper 0.14 to Hyper 1 via hyper-util, http-body-util, and hyper-rustls 0.27.7.
• Refreshes related transitive dependencies (rustls-webpki, bytes, idna, rand) so cargo audit exits successfully with only existing allowed warnings.

Vulnerability details

• Advisory: GHSA-4p46-pwfr-66x6
• RustSec: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
• Dependabot alert: https://github.com/warpdotdev/tink-rust/security/dependabot/4
• Package: ring
• Ecosystem: Rust
• Relationship: transitive runtime dependency via the GCP KMS TLS/auth stack
• Vulnerable range: < 0.17.12
• Patched version in lockfile: 0.17.14

Verification

• cargo check -p tink-gcpkms
• git submodule update --init --recursive
• cargo test
• cargo build && cargo audit

cargo audit now exits 0; remaining audit output is limited to advisories already allowed in deny.toml.

Co-Authored-By: Oz oz-agent@warp.dev

Conversation: https://staging.warp.dev/conversation/9332c5bc-bf25-41c9-bcc0-e1b380b0a630
Run: https://oz.staging.warp.dev/runs/019e7ec3-82b7-74a4-8c6f-4131e398ad86
This PR was generated with Oz.