Upgrade ruint, rand, crossbeam-channel and tracing-subscriber to close cargo audit issues #932

Open
citizen-stig wants to merge 3 commits into thrumdev:master from citizen-stig:nikolai/upgrade-deps

@citizen-stig
Contributor

  • The main dependency sweep is in Cargo.toml:21. It upgrades:
    • ruint 1.12.1 -> 1.18.0 to fix RUSTSEC-2025-0137
    • crossbeam-channel 0.5.13 -> 0.5.15 to fix RUSTSEC-2025-0024
    • tracing-subscriber 0.3.19 -> 0.3.23 to fix RUSTSEC-2025-0055
    • rand 0.8.5 -> 0.10.1, rand_pcg 0.3.1 -> 0.10.2, rand_distr 0.4.3 -> 0.6.0, quickcheck 1.0.3 -> 1.1.0, lru 0.12.3 -> 0.18.0, and the tokio family to newer patched releases
  • twox-hash was switched to default-features = false with explicit std + xxhash3_64. That is not tied to a direct audit finding by itself; it is part of keeping the graph off the old rand 0.8 path.
  • torture drops its unused direct bincode dependency in torture/Cargo.toml:6. That is cleanup, not a full bincode remediation, because tokio-serde still pulls bincode 1.3.3.

Why source files changed

  • Almost all code edits are API fallout from the rand 0.10 migration:
    • thread_rng() -> rng()
    • gen_range() -> random_range()
    • gen_bool() -> random_bool()
    • WeightedIndex moved to rand::distr::weighted
    • Distribution imports moved under rand::distr
  • Representative call sites are in nomt/src/options.rs:35, torture/src/supervisor/config.rs:168, torture/src/supervisor/workload.rs:306, and trickfs/src/latency.rs:7.
  • There is no intended fuser upgrade on this branch. Cargo.toml:65 still pins fuser = 0.15.1, and the last commit explicitly reverts accidental fuser migration leftovers.
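
A lockfile check a reviewer could run against this branch, as an added example that is not part of the PR or the project's code: it parses Cargo.lock text and reports crates still below the versions named above, any remaining rand 0.8.x, and which crate pulls in bincode. The function names, the embedded lockfile excerpt and the tokio-serde placeholder version are assumptions made for the example.

```python
import re

# Floors are the versions this PR moves to, taken from the PR description;
# they are not the advisories' own patched ranges.
FLOORS = {
    "ruint": ((1, 18, 0), "RUSTSEC-2025-0137"),
    "crossbeam-channel": ((0, 5, 15), "RUSTSEC-2025-0024"),
    "tracing-subscriber": ((0, 3, 23), "RUSTSEC-2025-0055"),
}

def vtuple(version):
    """'0.5.15' -> (0, 5, 15); build metadata and pre-release tags are dropped."""
    return tuple(int(p) for p in re.split(r"[-+]", version)[0].split("."))

def parse_lock(text):
    """Return [(name, version, [dependency names])] from Cargo.lock text."""
    pkgs = []
    for chunk in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', chunk, re.M)
        ver = re.search(r'^version = "([^"]+)"', chunk, re.M)
        deps = re.search(r"^dependencies = \[(.*?)\]", chunk, re.M | re.S)
        # Entries look like "rand" or "rand 0.8.5"; keep only the crate name.
        names = re.findall(r'"([^" ]+)[^"]*"', deps.group(1)) if deps else []
        if name and ver:
            pkgs.append((name.group(1), ver.group(1), names))
    return pkgs

def check(text):
    """List what is still open: stale floors, rand 0.8.x, and bincode's parents."""
    pkgs, out = parse_lock(text), []
    for name, ver, deps in pkgs:
        floor, advisory = FLOORS.get(name, (None, None))
        if floor and vtuple(ver) < floor:
            out.append(f"{name} {ver} < {'.'.join(map(str, floor))} ({advisory})")
        if name == "rand" and vtuple(ver)[:2] == (0, 8):
            out.append(f"rand {ver} still in graph")
        if "bincode" in deps:
            out.append(f"bincode pulled in by {name}")
    return out

# Constructed lockfile excerpt; the tokio-serde version is a placeholder.
SAMPLE_LOCK = "".join(
    f'[[package]]\nname = "{n}"\nversion = "{v}"\ndependencies = [\n "{d}",\n]\n\n'
    for n, v, d in [("crossbeam-channel", "0.5.13", "cfg-if"),
                    ("ruint", "1.18.0", "rand 0.10.1"),
                    ("rand", "0.8.5", "rand_core"),
                    ("tokio-serde", "0.0.0", "bincode")])

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_LOCK)))
```

An empty result from `check` means the lockfile meets the floors listed in this PR; it does not replace running cargo audit against the current advisory database.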
