Misc Updates and favicon fixes (#5993)

- Updated crates
- Switched to rustls instead of native-tls
  Some dependency were already using rustls by default or without option.
  By removing native-tls we also have just one way of working here.

Updated favicon fetching which now is able to fetch more icons.
- Use rustls instead of native-tls
  This seems to work better, probably because of tls sniffing
- Use different user-agent and added several other headers
- Added SVG support. SVG Images will be sanitized first before stored or presented.
  Also, a special CSP for images will be sent to prevent scripts etc.. from SVG images.

Signed-off-by: BlackDex <black.dex@gmail.com>

Cargo.toml

@@ -6,7 +6,7 @@ name = "vaultwarden"
 version = "1.0.0"
 authors = ["Daniel García <dani-garcia@users.noreply.github.com>"]
 edition = "2021"
-rust-version = "1.85.0"
+rust-version = "1.86.0"
 resolver = "2"
 
 repository = "https://github.com/dani-garcia/vaultwarden"
@@ -81,7 +81,7 @@ serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.140"
 
 # A safe, extensible ORM and Query builder
-diesel = { version = "2.2.10", features = ["chrono", "r2d2", "numeric"] }
+diesel = { version = "2.2.11", features = ["chrono", "r2d2", "numeric"] }
 diesel_migrations = "2.2.0"
 diesel_logger = { version = "0.4.0", optional = true }
 
@@ -126,7 +126,7 @@ webauthn-rs = "0.3.2"
 url = "2.5.4"
 
 # Email libraries
-lettre = { version = "0.11.17", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.17", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "hostname", "tracing", "tokio1-rustls", "ring", "rustls-native-certs"], default-features = false }
 percent-encoding = "2.3.1" # URL encoding library used for URL's in the emails
 email_address = "0.2.9"
 
@@ -134,7 +134,7 @@ email_address = "0.2.9"
 handlebars = { version = "6.3.2", features = ["dir_source"] }
 
 # HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.12.20", features = ["native-tls-alpn", "stream", "json", "gzip", "brotli", "socks", "cookies"] }
+reqwest = { version = "0.12.20", features = ["rustls-tls", "rustls-tls-native-roots", "stream", "json", "deflate", "gzip", "brotli", "zstd", "socks", "cookies", "charset", "http2", "system-proxy"], default-features = false}
 hickory-resolver = "0.25.2"
 
 # Favicon extraction libraries
@@ -142,6 +142,7 @@ html5gum = "0.7.0"
 regex = { version = "1.11.1", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.1"
 bytes = "1.10.1"
+svg-hush = "0.9.5"
 
 # Cache function results (Used for version check and favicon fetching)
 cached = { version = "0.55.1", features = ["async"] }
@@ -165,7 +166,7 @@ semver = "1.0.26"
 
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
-mimalloc = { version = "0.1.46", features = ["secure"], default-features = false, optional = true }
+mimalloc = { version = "0.1.47", features = ["secure"], default-features = false, optional = true }
 
 which = "8.0.0"
 
@@ -185,7 +186,7 @@ opendal = { version = "0.53.3", features = ["services-fs"] }
 anyhow = { version = "1.0.98", optional = true }
 aws-config = { version = "1.8.0", features = ["behavior-version-latest"], optional = true }
 aws-credential-types = { version = "1.2.3", optional = true }
-reqsign = { version = "0.16.3", optional = true }
+reqsign = { version = "0.16.4", optional = true }
 
 # Strip debuginfo from the release builds
 # The debug symbols are to provide better panic traces
@@ -276,7 +277,6 @@ macro_use_imports = "deny"
 manual_assert = "deny"
 manual_instant_elapsed = "deny"
 manual_string_new = "deny"
-match_on_vec_items = "deny"
 match_wildcard_for_single_variants = "deny"
 mem_forget = "deny"
 needless_continue = "deny"