chore(deps): bump rustls-webpki to patch RUSTSEC-2026-0098/0099

Two advisories landed against `rustls-webpki 0.103.10`:
- RUSTSEC-2026-0098: URI name constraints were incorrectly accepted
- RUSTSEC-2026-0099: wildcard-name certificates bypassed DNS name
  constraints (similar to CVE-2025-61727)

Both are reachable only after signature verification and require
misissuance to exploit, but `cargo deny check` now fails on them.
`cargo update -p rustls-webpki` moves us to 0.103.12 which contains
the fix.

Author: fengmk2