chore(deps): update Rust dependencies for security

- Bump rand 0.9.2 -> 0.9.4 (addresses unsoundness alert)
- Update getrandom, fastrand, and other transitive deps via cargo update

Note: rand 0.8.5/0.7.3 remain as indirect deps of upstream crates
(Tauri/winit/etc) and cannot be forced to 0.9.x due to API breakage.
The vulnerable code path (custom logger calling rand::rng()) is not
exercised by ClawPanel.

Author: 1186258278