Refactor dependencies and enhance CI with cargo-audit

[kunlinglio]

No description provided.

[Copilot]

Pull request overview

This PR removes the blake3 dependency in favor of a std-based hash for config signatures, tightens Rust dependency feature flags to reduce build size, and updates CI to run cargo audit for dependency vulnerability scanning.

Changes:

• Replace blake3 config signature hashing with a DefaultHasher-based implementation.
• Refine serde and tokio dependency feature flags (and drop blake3) in Cargo.toml, updating Cargo.lock accordingly.
• Add cargo audit runs to the GitHub Actions workflow and document the changes in the changelog.

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/config.rs	Switches config signature hashing away from blake3 to a std hasher helper.
Cargo.toml	Removes blake3 and narrows serde/tokio features to reduce dependency footprint.
Cargo.lock	Reflects dependency graph changes from removing blake3 and adjusting Tokio features.
CHANGELOG.md	Notes dependency refactor and addition of cargo audit in CI.
.github/workflows/test.yaml	Installs and runs cargo audit for both the root crate and the Zed extension.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The selected Tokio feature set drops rt-multi-thread, but the codebase uses #[tokio::test] in multiple modules and also has an optional #[tokio::main(flavor = "multi_thread")] entrypoint behind the multi-thread crate feature. #[tokio::test] defaults to the multi-thread runtime and will fail to compile without tokio/rt-multi-thread enabled (and the multi-thread feature will also fail when enabled). Consider either enabling rt-multi-thread (optionally gated behind the existing multi-thread feature), adding it via a dev-dependency-only Tokio feature set for tests, or updating tests to use #[tokio::test(flavor = "current_thread")].