
Draft: Update vulnerable dependencies

Nora Widdecke requested to merge nora/deps into main

cargo audit reports 4 vulnerabilities:

  1. RUSTSEC-2021-0115: #[zeroize(drop)] doesn't implement Drop for enums
    • Update zeroize_derive from 1.0.1 to 1.2.0
    • This is windows only, so the update should not be an issue.
  2. RUSTSEC-2021-0093: Data race in crossbeam-deque
    • Update crossbeam-deque from 0.8.0 to 0.8.1.
    • Debian has 0.7.2, but also sq does not depend on crossbeam-deque, so I hope this is ok.
  3. RUSTSEC-2021-0079: "Integer overflow in hyper's parsing of the Transfer-Encoding header leads to data loss"
    • Only relevant for the net crate.
    • Update hyper from 0.13.10 to 0.14.0
    • Update hyper-tls from 0.4 to 0.5
    • The updated hyper and hyper-tls require tokio 1.0, and sequoia-net has a dev-dependency on tokio, so update that, too.
  4. RUSTSEC-2021-0078: "Lenient hyper header parsing of Content-Length could allow request smuggling"
    • See 3.

Updating sequoia-net's tokio to 1.0 means that the sequoia workspace now depends on both tokio 0.2 and its dependencies, and tokio 1.0 and its dependencies. The aggregate number of dependencies rises from 265 to 274, and build times increase, too. We should update the other uses of tokio to 1.0, too.

This also adds a cargo audit CI job, so we can notice earlier. cargo-audit should be added to the docker image, but please discuss first if we want that job :)

Edited by Nora Widdecke
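An added example (not part of this merge request or the sequoia project) of the kind of gate the proposed CI job could run over `cargo audit --json` output: it lists each finding and fails the job unless the advisory was explicitly reviewed and ignored. The JSON field layout and the sample report are assumptions constructed for the example, not output captured from the sequoia workspace.

```python
"""CI gate for `cargo audit --json` output: list findings, fail on unignored ones."""
import json
import sys

# Constructed sample in the shape of `cargo audit --json` output. The field
# layout is an assumption about the rustsec tooling, not captured output.
SAMPLE_REPORT = json.dumps({
    "vulnerabilities": {
        "found": True,
        "count": 2,
        "list": [
            {"advisory": {"id": "RUSTSEC-2021-0079",
                          "title": "Integer overflow in hyper's Transfer-Encoding parsing"},
             "package": {"name": "hyper", "version": "0.13.10"}},
            {"advisory": {"id": "RUSTSEC-2021-0093",
                          "title": "Data race in crossbeam-deque"},
             "package": {"name": "crossbeam-deque", "version": "0.8.0"}},
        ],
    }
})


def parse_findings(report_text):
    """Return (advisory id, crate, version, title) tuples from an audit report."""
    report = json.loads(report_text)
    vulns = report.get("vulnerabilities", {})
    if not vulns.get("found"):
        return []
    return [(v["advisory"]["id"], v["package"]["name"],
             v["package"]["version"], v["advisory"].get("title", ""))
            for v in vulns.get("list", [])]


def gate(report_text, ignored=frozenset()):
    """Return (exit code, report lines); exit code 1 if any finding is not ignored.

    `ignored` holds advisory ids a reviewer judged not applicable (for example a
    crate only reached through an optional feature); keep the justification
    next to each id in the CI config so it gets re-reviewed on every update.
    """
    lines, blocking = [], 0
    for adv_id, crate, version, title in parse_findings(report_text):
        tag = "IGNORED" if adv_id in ignored else "VULNERABLE"
        if tag == "VULNERABLE":
            blocking += 1
        lines.append(f"{tag} {adv_id} {crate} {version}: {title}")
    lines.append(f"{blocking} blocking finding(s)")
    return (1 if blocking else 0), lines


if __name__ == "__main__":
    # Usage: cargo audit --json | python audit_gate.py [RUSTSEC-ID-TO-IGNORE ...]
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    code, out = gate(text, ignored=set(sys.argv[1:]))
    print("\n".join(out))
    sys.exit(code)
```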
