Upgrade reqwest to 0.12

[legoktm]

Status

Ready for review

Description

There's a small change in how reqwest errors are printed (see seanmonstar/reqwest#2199), so handle that in our code and update one test accordingly.

Import a number of audits and trust markers, and the rest have been audited.

Fixes #1985.

Test Plan

• CI passes
• Visual review

Checklist

If these changes modify code paths involving cryptography, the opening of files in VMs or network (via the RPC service) traffic, Qubes testing in the staging environment is required. For fine tuning of the graphical user interface, testing in any environment in Qubes is required. Please check as applicable:

• These changes should not need testing in Qubes

If these changes add or remove files other than client code, the AppArmor profile may need to be updated. Please check as applicable:

• No update to the AppArmor profile is required for these changes

If these changes modify the database schema, you should include a database migration. Please check as applicable:

• No database schema changes are needed

[rocodes]

@legoktm this looks ready to me, I assume the WIP Status is a holdover from before your last commit?

[legoktm]

@rocodes oops yep, all set to go here

[rocodes]

LGTM

• Went through the update + cargo vet process, confirmed the same hashes and version numbers as in this PR (except hyper-util, on version 0.1.5 as of recently)
• Confirmed the @legoktm-audited crates are the ones for whom we don't have a trusted contributor - thanks for auditing :)
• One thing that mildly puzzled me, thinking of performing this process in the future, is that smallvec doesn't show up when I run cargo vet, even though it is added to the lock file (and I see that you've vetted it @legoktm), and I would have expected to see it flagged there.

[legoktm]

Re: smallvec, if I remove my audit from the toml file and re-run cargo vet, then I see:

diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
index d6cd7f29..23f2f9c7 100644
--- a/supply-chain/imports.lock
+++ b/supply-chain/imports.lock
@@ -1394,6 +1394,12 @@ criteria = "safe-to-deploy"
 delta = "0.1.22 -> 0.1.23"
 aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
 
+[[audits.zcash.audits.smallvec]]
+who = "Daira-Emma Hopwood <daira@jacaranda.org>"
+criteria = "safe-to-deploy"
+delta = "1.11.1 -> 1.13.2"
+aggregated-from = "https://raw.githubusercontent.com/zcash/librustzcash/main/supply-chain/audits.toml"
+
 [[audits.zcash.audits.tinyvec_macros]]
 who = "Jack Grigg <jack@z.cash>"
 criteria = "safe-to-deploy"

which I assume they published between my audit and now.

[rocodes]

🤦 That makes sense, of course - even had a hint with the hyper-util version bump and didn't clue in. ty!