chore: dependency overhaul (#135)

* chore: replace unmaintained backoff with backon to fix rand vuln

The `backoff` crate depends on `rand@0.8.5` which was flagged with a
security vulnerability. Replace it with `backon`, an actively maintained
alternative with equivalent exponential backoff and async retry support.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: bump all dependencies to latest

Update all dependency versions to their latest semver-compatible
releases and fix indicatif 0.18 API changes (template() now returns
Result, enable_steady_tick() now takes Duration).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: update changelog for recent dependency changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: box Command in Exec error variant to satisfy clippy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: lwshang

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased] - ReleaseDate
 
+- Switched Rust toolchain from a pinned version to `stable`.
+- Replaced unmaintained `backoff` crate with `backon` to resolve a `rand` vulnerability.
+- Upgraded all dependencies to their latest versions.
+
 ## [1.0.2] - 2025-08-06
 
 - `dfxvm` now has the aarch64-linux version and supports installing dfx with the aarch64-linux binaries.