rust-av / avp

Another Video Player
MIT License

Update dependencies and commit lockfile #23

Closed fkaa closed 3 years ago

fkaa commented 3 years ago

Should fix #22

kpcyrd commented 3 years ago

Please reconsider this, the lock file is needed for reproducible builds and the build recently broke because cargo wasn't able to find a working combination of dependencies anymore since no working lock file was committed. It also makes it harder to reason about security because it makes knowing the version/git commit the binary was built from insufficient to know if the binary does or doesn't use a vulnerable dependency.
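
The security argument above (a commit plus its Cargo.lock is enough to know exactly which dependency versions went into a binary) can be made concrete with a small audit script. The following is an added example, not code from the rust-av/avp project or from either commenter: it parses a constructed Cargo.lock excerpt and checks every pinned version against a constructed advisory table. The crate names, versions, checksums and the advisory entry are placeholders, and in practice you would run `cargo audit` against the real lockfile; the point is that without a committed lockfile there is no file at a given commit to run such a check on.

```python
"""Audit the exact dependency versions pinned by a Cargo.lock.

Added example (not part of rust-av/avp). The lockfile text and the
advisory table are constructed for illustration; crate names, versions
and checksums are placeholders and imply no real advisory.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed Cargo.lock excerpt in the format cargo writes (contents made up).
SAMPLE_LOCK = """\
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "avp"
version = "0.1.0"
dependencies = [
 "example-decoder",
 "example-http",
]

[[package]]
name = "example-decoder"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000001"

[[package]]
name = "example-http"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000002"

[[package]]
name = "example-http"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000000000000000000000000000000000000000000000000000000000000003"
"""

# Constructed advisory table: crate name -> first patched version.
# Placeholder data only; the crate is hypothetical.
ADVISORIES: Dict[str, str] = {"example-http": "2.0.0"}

# Matches scalar string entries such as: name = "foo"
_KV = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')


@dataclass(frozen=True)
class LockedPackage:
    name: str
    version: str
    source: Optional[str] = None
    checksum: Optional[str] = None


def parse_cargo_lock(text: str) -> List[LockedPackage]:
    """Return every [[package]] entry as a LockedPackage.

    Only the scalar keys are read; the multi-line `dependencies = [...]` list
    is skipped because name/version/source/checksum already identify the
    exact code that was compiled in.
    """
    packages: List[LockedPackage] = []
    current: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            if current is not None:
                packages.append(LockedPackage(**current))
            current = {}
            continue
        m = _KV.match(line)
        if current is not None and m and m.group(1) in ("name", "version", "source", "checksum"):
            current[m.group(1)] = m.group(2)
    if current is not None:
        packages.append(LockedPackage(**current))
    return packages


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric core of a semver string; pre-release and build metadata are dropped."""
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def find_affected(packages: List[LockedPackage], advisories: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(name, pinned version, patched version) for every pin below the patched version."""
    hits = []
    for pkg in packages:
        patched = advisories.get(pkg.name)
        if patched and parse_version(pkg.version) < parse_version(patched):
            hits.append((pkg.name, pkg.version, patched))
    return hits


def duplicate_versions(packages: List[LockedPackage]) -> Dict[str, List[str]]:
    """Crates pinned at more than one version; a patched copy does not remove an older one."""
    seen: Dict[str, set] = {}
    for pkg in packages:
        seen.setdefault(pkg.name, set()).add(pkg.version)
    return {name: sorted(vs) for name, vs in seen.items() if len(vs) > 1}


if __name__ == "__main__":
    pkgs = parse_cargo_lock(SAMPLE_LOCK)
    for name, pinned, patched in find_affected(pkgs, ADVISORIES):
        print(f"{name} {pinned} is below patched {patched}")
    for name, versions in duplicate_versions(pkgs).items():
        print(f"{name} pinned at several versions: {versions}")
```

The duplicate check matters because cargo can keep two semver-incompatible versions of one crate in the same build, so seeing a patched version in the lockfile is not by itself proof that the old one is gone.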

lu-zero commented 3 years ago

I'm happy to add it on releases or let other people manage the releases and updating the Cargo.lock accordingly. I'm against having it in the master branch since it causes lots of spurious commits.

Distributions tend to hate having lockfiles in the way since they prefer to select themselves the dependencies, so the need for it is quite varying depending on who you ask.