fix(phase2-gaps): remediate bytes vulnerability and add cargo-deny config
- Fix RUSTSEC-2026-0007: bytes crate vulnerability (CVE-2025-47685)
- Updated bytes to v1.11.1 via workspace.dependencies override
- Create deny.toml with permissive license policy
- Allows MIT, Apache-2.0, BSD-2/3-Clause, ISC, Zlib, Unlicense, CC0-1.0, Unicode-3.0, GPL-3.0-only
- Added license to linux-hello-tests crate (was missing)
- Update project license to modern SPDX: GPL-3.0-only (was deprecated GPL-3.0)
Verification:
- cargo audit: PASSED (no vulnerabilities)
- cargo deny check: PASSED (licenses ok, advisories ok, bans ok)
eliott
19a1a09808