AHaliq commented Jan 5, 2026

Purpose

Follow-up on ZKP-55 fixes.

Changes

Bump criterion to version 0.5.1

Checklist

  • My code follows the style of this project.
  • The code compiles without warnings.
  • I have performed a self-review of the changes.
  • I have documented my code, in particular the intent of the
    hard-to-understand areas.
  • (If necessary) I have updated the CHANGELOG.

CLA acceptance

Remove if not applicable.

By submitting the contribution I accept the terms and conditions of the
Contributor License Agreement v1.0


Copilot AI left a comment

Pull request overview

This PR updates the criterion benchmarking dependency from version 0.4 to 0.5 to address cargo audit security findings, as part of the ZKP-55 issue resolution.

Key Changes

  • Upgraded criterion from 0.4 to 0.5 with the html_reports feature enabled
  • Updated Cargo.lock with transitive dependency updates resulting from the criterion upgrade

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
|------|-------------|
| rust-src/concordium_base/Cargo.toml | Updates criterion dev-dependency from version 0.4 to 0.5 with html_reports feature |
| rust-src/Cargo.lock | Contains all transitive dependency updates resulting from the criterion version bump |

AHaliq commented Jan 6, 2026

There is also a vulnerability with rkyv 0.7.45 used by rust_decimal 1.39.0 in our concordium-contracts-common 9.2.0. Despite the solution to bump to rkyv 0.8.13, the rust_decimal crate has not made the update. Will ignore this for now.

AHaliq marked this pull request as ready for review January 6, 2026 09:50