Replace `reqwest` dependency to avoid vendoring external software

[davidbtadokoro]

Context:

As mentioned in #19, the dependency we use to make HTTP requests, reqwest, is dependent on openssl, which causes a lot of portability and distribution #18. Commit 565e65c solves this, by vendoring libssl.

However, in offline discussions with @rodrigosiqueira, I concluded that:

1. We must avoid the use of vendored software unless we have a strong motive to
2. patch-hub only does simple blocking HTTP requests. reqwest is overkill, which means we may not need openssl after all

Proposal:

Replace reqwest with a dependency that is more suitable for our needs, that doesn't require us to vendor external software. The curl crate seems like a good option...

Setup:

• Project branch: unstable
• Project commit hash: 7379a9a
• rustc version: 1.80.0
• cargo version: 1.80.0

[davidbtadokoro]

After looking further on the matter, the reqwest dependency has a bunch of optional features enabled by default, unless you explicitly pass the cargo flag default_features = false. Nevertheless, there is still the need to use a TLS implementation, because HTTP requests to Lore API redirect to HTTPS scheme.

By combining the default_features = false flag with enabling the feature rustls, we don't need to vendor openssl, while also still solving #18 and #19.

Going to push the commit soon to the unstable branch.