bump reqwest to 0.12

[im-vinicius]

Solves #859 and #860. Note that this PR changed [dev-dependencies], but not [dependencies] .

New CI runs on main branch for pingora (1.91.1) are broken due to the two issues above. The error and the dependency tree can be found below.

Crate:     rustls-webpki
Version:   0.101.7
Title:     Name constraints for URI names were incorrectly accepted
Date:      2026-04-14
error: 2 vulnerabilities found!
warning: 5 allowed warnings found
ID:        RUSTSEC-2026-0098
URL:       https://rustsec.org/advisories/RUSTSEC-2026-0098
Solution:  Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6
Dependency tree:
rustls-webpki 0.101.7
└── rustls 0.21.12
    ├── tokio-rustls 0.24.1
    │   ├── reqwest 0.11.27
    │   │   ├── pingora-proxy 0.8.0
    │   │   │   └── pingora 0.8.0
    │   │   ├── pingora-core 0.8.0
    │   │   │   ├── pingora-proxy 0.8.0
    │   │   │   ├── pingora-load-balancing 0.8.0
    │   │   │   │   ├── pingora-proxy 0.8.0
    │   │   │   │   └── pingora 0.8.0
    │   │   │   ├── pingora-cache 0.8.0
    │   │   │   │   ├── pingora-proxy 0.8.0
    │   │   │   │   └── pingora 0.8.0
    │   │   │   └── pingora 0.8.0
    │   │   └── pingora 0.8.0
    │   └── hyper-rustls 0.24.2
    │       └── reqwest 0.11.27
    ├── reqwest 0.11.27
    └── hyper-rustls 0.24.2

From https://github.com/cloudflare/pingora/actions/runs/24522708067/job/71684542097?pr=862

[drcaramelsyrup]

(Note we're also working on this internally.)