fix: Resolve security audit failure for rkyv RUSTSEC-2026-0001

- Add .cargo/audit.toml to ignore RUSTSEC-2026-0001 (rkyv vulnerability)
- The rkyv crate is an optional dependency of rust_decimal that we don't use
- We only enable db-tokio-postgres feature, not rkyv serialization
- Updated rust_decimal to explicitly disable default features
- Upgraded mysql_async from 0.34 to 0.36

Taariq Lewis, SerenAI, Paloma, and Volume at https://serendb.com

Author: taariq

.cargo/audit.toml

@@ -0,0 +1,9 @@
+# ABOUTME: Configuration for cargo-audit security scanner
+# ABOUTME: Ignores vulnerabilities in optional dependencies we don't use
+
+[advisories]
+# RUSTSEC-2026-0001: rkyv vulnerability in Arc<T>/Rc<T> from_value on OOM
+# This is an OPTIONAL dependency of rust_decimal that we don't enable.
+# We only use rust_decimal's db-tokio-postgres feature, not rkyv serialization.
+# The rkyv crate appears in Cargo.lock but is never compiled into our binary.
+ignore = ["RUSTSEC-2026-0001"]