[CHORE]: Reduce cargo-vet exemptions in the Rust workspace #4173

@lucarlig

Description

🔧 Chore Summary

Reduce the remaining temporary cargo-vet exemptions introduced with the top-level Rust workspace so they can be replaced over time with imported audits, narrower trust entries, or local audits.


🧱 Area Affected

  • GitHub Actions / CI Pipelines
  • Pre-commit hooks / linters
  • Formatting (black, isort, ruff, etc.)
  • Type-checking (mypy, pyright, pytype, etc.)
  • Dependency cleanup or updates
  • Build system or Makefile
  • Containerization (Docker/Podman)
  • Docs or spellcheck
  • SBOM, CVE scans, licenses, or security checks
  • Other:

⚙️ Context / Rationale

PR #4087 enabled cargo vet as a required CI gate and left a tracked set of temporary exemptions in supply-chain/config.toml. This follow-up keeps that debt visible and gives us a place to reduce the exemption count without weakening the policy we just enabled.


📦 Related Make Targets

  • make rust-vet - run the Rust supply-chain policy check (if/when exposed through the Makefile)
  • make verify - broader verification entry point when Rust policy checks are included

📋 Acceptance Criteria

  • Linter runs cleanly (make lint)
  • CI passes with no regressions
  • Docs/tooling updated (if applicable)
  • Security scans pass
  • Current temporary exemptions are reviewed by ecosystem or owner
  • Imported audits are used where available
  • Remaining exemptions are narrowed or justified explicitly
  • cargo vet check stays green in CI while the exemption count is reduced

🧩 Additional Context

Suggested follow-ups:

  • Audit the current exempted crates by ecosystem or ownership
  • Replace exemptions with imported upstream audits where available
  • Add narrower trust entries only when justified
  • Add local audits for crates that remain unaudited
  • Periodically report the remaining exemption count

Metadata

Assignees

No one assigned

Labels

  • chore: Linting, formatting, dependency hygiene, or project maintenance chores
  • triage: Issues / Features awaiting triage