fix(deps): upgrade hickory-resolver 0.25 → 0.26 to fix RUSTSEC-2026-0118/0119 (#53)

* fix(deps): upgrade hickory-resolver 0.25 → 0.26 to fix RUSTSEC-2026-0118/0119

Upgrades hickory-resolver and hickory-proto from 0.25 to 0.26.1, which
resolves both CVEs affecting hickory-proto 0.25.2:
- RUSTSEC-2026-0119: CPU exhaustion via crafted DNS response (fixed >=0.26.1)
- RUSTSEC-2026-0118: NSEC3 unbounded hash iteration (fixed in 0.26)

Migrates crates/ans-verify/src/dns.rs to the 0.26 API:
- TokioConnectionProvider -> hickory_resolver::net::runtime::TokioRuntimeProvider
- ResolverConfig presets (cloudflare/google/quad9) -> ResolverConfig::udp_and_tcp/tls(&CLOUDFLARE/GOOGLE/QUAD9)
- NameServerConfigGroup::from_ips_clear -> Vec<NameServerConfig::udp_and_tcp>
- builder.build() now returns Result, propagate with map_err
- Error matching: ResolveErrorKind/ProtoErrorKind -> NetError/HickoryDnsError directly
- response.iter() -> response.answers() with RData::TXT/TLSA pattern matching
- TLSA fields now pub, use u8::from(field) instead of method calls

* style(dns): fix rustfmt and clippy::similar_names warnings

Author: Swaagie

Cargo.lock

@@ -36,7 +36,7 @@ reqwest = { version = "0.13", default-features = false, features = [
 ] }
 
 # DNS resolution
-hickory-resolver = { version = "0.25", features = ["tls-ring", "dnssec-ring", "system-config"] }
+hickory-resolver = { version = "0.26", features = ["tls-ring", "dnssec-ring", "system-config"] }
 
 # Cryptography
 sha2 = "0.10"