Commit 8e5460b
build(deps): bump openssl 0.10.79 to 0.10.80

Closes Dependabot alert GHSA-phqj-4mhp-q6mq (medium): potential
out-of-bounds write in CipherCtxRef::cipher_update_inplace, introduced
in rust-openssl >= 0.10.50 and patched in 0.10.80. Lockfile-only bump
(openssl is a transitive dependency), no API surface change.
openssl-sys lockstep-bumps 0.9.115 to 0.9.116.

Note on the second open Dependabot alert (GHSA-7gmj-67g7-phm9, tauri
>= 2.0.0, <= 2.11.0): we intentionally pin tauri =2.11.0 in Cargo.toml
because the fix for that advisory shipped in 2.11.1, whose tightened
is_local_url() check classifies the Linux production webview origin
http://127.0.0.1:14321 as remote and rejects every custom command,
making all Linux builds non-functional (v3.8.2 regression, fixed in
v3.8.3 by re-pinning =2.11.0). tauri 2.11.2 (2026-05-16) only fixes a
macOS submenu bug and does not unblock is_local_url(). The Dependabot
ignore already blocks tauri >= 2.11.1 (.github/dependabot.yml).
Unblock only with a deliberate migration that addresses is_local_url()
on the Linux production origin.

Co-Authored-By: aeroftp[bot] <aeroftp[bot]@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 parent e4bdea2 commit 8e5460b
1 file changed
Lines changed: 6 additions & 6 deletions