Loosen dependency specifiers

[orf]

This PR loosens the dependency specifiers for this libraries dependencies. Right now there is an exact lock on using Serde 1.0.2, not 1.0.3 or the most recent release 1.0.102.

As this is a library rather than a tool it should have looser dependency specifiers if possible, so it can be consumed by projects that may have a dependency on serde>1.0.2 (due to bugfixes, other libraries etc).

I'm fairly certain things like base64 could be bumped to ~0.11.0 as well, but that can be done another time perhaps.

[ebarnard]

In fact an unadorned version e.g. serde = "1.0.2" corresponds to a caret requirement e.g. serde = "^1.0.2" which means >=1.0.2 and <2.0.0.

A tilde requirement of ~1.0.2 means >=1.0.2 and <1.1.0 which is overly restrictive and not what we want if we assume libraries follow semver.

See https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html for more details.