build(deps): update to rand 0.9 is possible

Except for code using ed25519-dalek, since we are blocked by them.

Also tweak RNG source so only key generation uses `OsRng`. PoW nonce
generation only need unpredictability thus `ThreadRng` suffices.

See: https://github.com/dalek-cryptography/curve25519-dalek/issues/731

blahctl/Cargo.toml

@@ -8,7 +8,7 @@ anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 ed25519-dalek = { version = "2", features = ["pkcs8", "pem", "rand_core"] }
 humantime = "2"
-rand = "0.8"
+rand08 = { package = "rand", version = "0.8" }
 reqwest = { version = "0.12", features = ["json"] }
 rusqlite = { version = "0.34", features = ["rusqlite-macros"] }
 serde_jcs = "0.1.0"

blahctl/src/main.rs

@@ -11,7 +11,6 @@ use ed25519_dalek::pkcs8::spki::der::pem::LineEnding;
 use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey};
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use humantime::Duration;
-use rand::thread_rng;
 use reqwest::Url;
 use rusqlite::{Connection, named_params, prepare_and_bind};
 use tokio::runtime::Runtime;
@@ -353,7 +352,7 @@ fn main_id(cmd: IdCommand) -> Result<()> {
             id_key_file,
             id_url,
         } => {
-            let id_key_priv = SigningKey::generate(&mut thread_rng());
+            let id_key_priv = SigningKey::generate(&mut rand08::rngs::OsRng);
             let id_key = PubKey::from(id_key_priv.verifying_key());
 
             let act_key_desc = UserActKeyDesc {