
Commit ffadfa5

Wolfgang Silbermayr, mfuss-ot
Wolfgang Silbermayr authored and committed
chore: ignore RUSTSEC-2023-0071
The `rsa` library is used as a dependency of `openidconnect 3.4.0`, so unless we want to replace that no further action is available until either:

- openidconnect switches to a different dependency
- rsa releases a fixed version

Output from `cargo deny check`:

```
= ID: RUSTSEC-2023-0071
= Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0071
= ### Impact
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

### Patches
No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

### Workarounds
The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

### References
This vulnerability was discovered as part of the "[Marvin Attack]", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

[Marvin Attack]: https://people.redhat.com/~hkario/marvin/
= Announcement: RustCrypto/RSA#19 (comment)
= Solution: No safe upgrade is available!
```

(cherry picked from commit b8745b2)
1 parent 04f73da commit ffadfa5

1 file changed: +8 -0 lines changed

deny.toml

Lines changed: 8 additions & 0 deletions
@@ -48,6 +48,14 @@ notice = "deny"
4848
# output a note when they are encountered.
4949
ignore = [
5050
"RUSTSEC-2020-0071",
51+
# Marvin Attack: potential key recovery through timing sidechannels
52+
# in `rsa 0.9.3`.
53+
# Solution: No safe upgrade is available!
54+
#
55+
# This library is used as a dependency of `openidconnect 3.4.0`, so unless we
56+
# want to replace that no further action is available until either:
57+
# - openidconnect switches to a different dependency
58+
# - rsa releases a fixed version
5159
"RUSTSEC-2023-0071",
5260
]
5361
# Threshold for security vulnerabilities, any vulnerability with a CVSS score
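Review bot: the comment block above `"RUSTSEC-2023-0071"` explains why the advisory cannot be fixed today but not when the ignore should be revisited, and because the entry is keyed by advisory ID it will keep silencing the finding for every future `rsa` version, not just the `rsa 0.9.3` it names. Since the workaround quoted in the commit message (avoid `rsa` where attackers can observe timing, local use is fine) only holds while no `rsa` private-key operation is reachable by a network peer, the comment should state whether `openidconnect 3.4.0` exercises any such operation in this code base, and name the condition for removing the entry, for example `# Re-check on every openidconnect or rsa bump; drop once openidconnect stops depending on rsa or rsa ships the constant-time implementation.`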
