
Commit aa1d844

fix: allow RUSTSEC-2025-0134 rustls-pemfile advisory
Add RUSTSEC-2025-0134 to the deny.toml advisory ignore list. The rustls-pemfile crate is unmaintained but is only a transitive dependency via readability->reqwest. The crate is a read-only PEM file parser used for TLS connections, with no code execution risks. Users are encouraged to migrate to rustls-pki-types, but that requires upgrading the readability crate to a newer version that doesn't depend on the older reqwest chain. This is consistent with the existing policy of allowing unmaintained transitive dependencies when no safer upgrade path exists and the actual security risk is minimal.
1 parent f125b67 commit aa1d844

1 file changed

Lines changed: 1 addition & 0 deletions

deny.toml

Lines changed: 1 addition & 0 deletions
@@ -74,6 +74,7 @@ ignore = [
7474
{ id = "RUSTSEC-2024-0384", reason = "instant: unmaintained, pulled in by notify; no upgrade available" },
7575
{ id = "RUSTSEC-2024-0436", reason = "paste: unmaintained, transitive dep of tokenizers/rav1e; no upgrade available" },
7676
{ id = "RUSTSEC-2024-0370", reason = "proc-macro-error: unmaintained, transitive dep of rust-embed; no upgrade available" },
77+
{ id = "RUSTSEC-2025-0134", reason = "rustls-pemfile: unmaintained but pulled in by readability->reqwest; only reads PEM files for TLS, no code execution risk" },
7778
]
7879
# If this is true, then cargo deny will use the git executable to fetch advisory database.
7980
# If this is false, then it uses a built-in git library.
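Review bot: the new ignore entry records a risk judgement ("no code execution risk") but not the condition under which it should be removed, whereas the neighbouring entries all end with "no upgrade available", which is a checkable state. Since the commit message says an upgrade path does exist (bump readability to a version off the older reqwest chain, then move to rustls-pki-types), consider putting that into the reason so the entry is revisited rather than silently kept, e.g. `reason = "rustls-pemfile: unmaintained, pulled in by readability->reqwest; remove once readability is upgraded off the old reqwest chain (migrate to rustls-pki-types)"`. A matching tracking issue referenced from the reason would make the ignore list easier to audit later.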
