Update Rust dependencies

Bump sqlparser from 0.61.0 to 0.62.0, hmac from 0.12 to 0.13, and sha2 from 0.10 to 0.11. Refresh Cargo.lock and remove SQLPage's direct password-hash dependency by using argon2's re-exported password_hash API.

SQLPage parses every .sql file before execution, rewrites SQLPage variables/functions through the sqlparser AST, and serializes the AST back to SQL. The sqlparser bump therefore changes which SQL text reaches the database.

SQLPage-visible sqlparser 0.62 changes for supported dialects:

- PostgreSQL: SQLPage can now parse and pass through LOCK TABLE; PRIMARY KEY/UNIQUE USING INDEX; parenthesized CREATE TABLE ... (LIKE ... INCLUDING/EXCLUDING DEFAULTS); COMMENT ON for additional object types; two-argument TRIM(string, characters); INTERVAL as an unquoted identifier; SETOF return types; ALTER FUNCTION/ALTER AGGREGATE; xml '...' typed strings; COLLATE after compound identifiers; LATERAL function calls WITH ORDINALITY; and pg_hint_plan-style SELECT optimizer hints in leading comments.

- MySQL: SQLPage can now parse and pass through KEY column options in CREATE TABLE and ORDER BY on single-table UPDATE. Incomplete DIV expressions now become SQLPage parser errors instead of panicking the parser.

- SQLite: incomplete REGEXP/MATCH expressions now become SQLPage parser errors instead of panicking the parser; two-argument TRIM(string, characters) is accepted.

- DuckDB: two-argument TRIM(string, characters) is accepted.

- MSSQL: SQLPage can now parse and pass through THROW, WAITFOR, BEGIN/COMMIT/ROLLBACK TRAN, EXEC(@SQL) dynamic SQL, OUTPUT clauses on INSERT/UPDATE/DELETE, and dollar-prefixed money constants. Statement-starting keywords such as DECLARE, EXEC, INSERT, UPDATE, DELETE, CREATE, ALTER, RETURN, THROW, RAISERROR, and MERGE are no longer consumed as implicit aliases after SELECT items or table factors, so multi-statement T-SQL batches are less likely to be rejected by SQLPage's pre-parser.

- Oracle: SQLPage can now parse and pass through table aliases on INSERT targets and INSERT INTO (<sub-query>) forms.

- Snowflake: SQLPage can now parse and pass through multi-table INSERT, lambda functions, wildcard EXCLUDE fixes, stage-name/COPY parsing fixes, CHANGES clauses, COPY GRANTS, STORAGE LIFECYCLE POLICY, and text data type modifiers.

- Generic ODBC dialect: SQLPage now accepts the same new GenericDialect syntax as sqlparser 0.62, including UPDATE ... ORDER BY, KEY column options, comma TRIM, CTEs without AS, multi-column SELECT aliases, and xml typed strings. It no longer accepts lambda expressions in GenericDialect; databases detected as Snowflake still use SnowflakeDialect and keep lambda parsing.

SQLPage's special CSV upload handling is unchanged: it still intercepts COPY FROM file targets only. SQLPage's HMAC and password-hash outputs are intended to be unchanged; only imports/API wiring changed for the RustCrypto crates.

Lockfile-only runtime dependency updates include rustls 0.23.37 -> 0.23.40, rustls-pki-types 1.14.0 -> 1.14.1, webpki-roots 1.0.6 -> 1.0.7, aws-lc-rs 1.16.2 -> 1.17.0, tokio 1.51.1 -> 1.52.3, and config 0.15.22 -> 0.15.23. No SQLPage code changed for these; the user-visible surface is the upstream TLS/runtime/config bugfix behavior of those crates.

Validation before amend: cargo fmt --all; cargo clippy --all-targets --all-features -- -D warnings; cargo test.

Author: lovasoa