Commit 3a66890
fix(deps): replace unmaintained rust-crypto with sha2, bump vulnerable dependencies
rust-crypto has known AES miscomputation (RUSTSEC-2022-0011) and its
transitive dep rustc-serialize has a stack overflow (RUSTSEC-2022-0004).
Both crates are unmaintained with no upgrade path.
Replace with the sha2 crate (0.10), which provides hardware-accelerated
SHA-256 via SHA-NI on x86_64 and ARMv8 intrinsics on aarch64. All three
call sites (compute_script_hash, get_status_hash, hash_ip_with_salt)
are updated to the sha2 Digest API.
Also bumps tokio (1.49→1.52, RUSTSEC-2025-0023) and tar (0.4.44→0.4.45,
RUSTSEC-2026-0068). Resolves 11 of 18 cargo-audit findings; the
remaining 7 are pinned by upstream deps (electrum-client, electrumd,
minreq) and require upstream releases.
1 parent 5b3ff8f
5 files changed
Lines changed: 104 additions & 217 deletions