security: Eliminate all Dependabot vulnerabilities

Remove vulnerable dependencies by replacing Solana utility crates:

- Remove unused `config` crate (json5 vulnerability RUSTSEC-2025-0120)
- Replace `solana-clap-utils` with src/utils/validators.rs
  - Eliminates ansi_term (RUSTSEC-2021-0139)
  - Eliminates atty (RUSTSEC-2024-0375, RUSTSEC-2021-0145)
  - Eliminates clap 2.x dependency chain entirely
- Replace `solana-cli-config` with src/utils/config_loader.rs
  - It depended on solana-clap-utils transitively

Results:
- Security vulnerabilities: 5 → 1 (only paste "unmaintained" warning remains)
- clap 2.x: Completely eliminated from dependency tree
- Total crates: 3053 → 2949 (-104 dependencies)
- ~250 lines of straightforward Rust replaces 2 external crates

The remaining paste warning (RUSTSEC-2024-0436) is "unmaintained" not a
security vulnerability. It's used by ratatui, image, rmp-serde and cannot
be removed without major TUI rewrites.

Also fixes pre-existing compilation errors in ovsm compiler (borrow checker,
match exhaustiveness for new Load1/2/4 instructions).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: 0xrinegade

.cargo/audit.toml

@@ -0,0 +1,14 @@
+# Security audit configuration
+#
+# 2025-11-27: All vulnerabilities eliminated!
+# - Removed unused `config` crate (json5 vulnerability)
+# - Replaced `solana-clap-utils` with src/utils/validators.rs (ansi_term, atty vulnerabilities)
+#
+# This file is now empty but kept for documentation purposes.
+
+[advisories]
+ignore = []
+
+# If paste (RUSTSEC-2024-0436) ever becomes a real security issue rather than
+# just "unmaintained", it can be monitored here. Currently it's still functional
+# and used by: ratatui, image, rmp-serde, nalgebra