feat: upgrade OpenMLS 0.5 → 0.8 for security patches and GREASE support

Migrates all MLS code in quicprochat-core from OpenMLS 0.5 to 0.8:
- StorageProvider replaces OpenMlsKeyStore (keystore.rs full rewrite)
- HybridCryptoProvider updated for new OpenMlsProvider trait
- Group operations updated for new API signatures
- MLS state persistence via MemoryStorage serialization
- tls_codec 0.3 → 0.4, openmls_traits/rust_crypto 0.2 → 0.5

Cargo.toml

@@ -26,12 +26,13 @@ categories  = ["cryptography", "network-programming"]
 [workspace.dependencies]
 
 # ── Crypto ────────────────────────────────────────────────────────────────────
-openmls            = { version = "0.5", default-features = false, features = ["crypto-subtle"] }
-openmls_rust_crypto = { version = "0.2" }
-openmls_traits     = { version = "0.2" }
-# tls_codec must match the version used by openmls 0.5 (which uses 0.3) to avoid
+openmls            = { version = "0.8" }
+openmls_rust_crypto = { version = "0.5" }
+openmls_traits     = { version = "0.5" }
+openmls_memory_storage = { version = "0.5" }
+# tls_codec must match the version used by openmls 0.8 (which uses 0.4) to avoid
 # duplicate Serialize trait versions in the dependency graph.
-tls_codec          = { version = "0.3", features = ["derive"] }
+tls_codec          = { version = "0.4", features = ["derive"] }
 # ml-kem 0.2 is the current stable release (FIPS 203, ML-KEM-768).
 ml-kem             = { version = "0.2" }
 x25519-dalek       = { version = "2", features = ["static_secrets"] }
@@ -87,7 +88,8 @@ tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 anyhow             = { version = "1" }
 thiserror          = { version = "1" }
 
-# ── CLI ───────────────────────────────────────────────────────────────────────
+# ── Config / CLI ──────────────────────────────────────────────────────────────
+toml               = { version = "0.8" }
 clap               = { version = "4", features = ["derive", "env"] }
 rustyline           = { version = "14" }