deps: reduce hf-hub's transitive dependencies

[biswapanda]

Overview

Replace the default native-tls/OpenSSL backend for hf-hub with the pure-Rust rustls-tls + ureq feature set, removing a large number of platform-specific and OpenSSL-related transitive dependencies.

This pr removes native-tls and openssl-sys from the dependency tree

Related failure on dynamo side -
https://github.com/ai-dynamo/dynamo/actions/runs/23097117690/job/67091453263?pr=7387

Related comment in dynamo PR: ai-dynamo/dynamo#7387 (comment)

Details

Issue: The fastokens crate (v0.1.0) declares hf-hub = "0.4.3" with default features, which pulls in native-tls and openssl-sys. Dynamo's deny.toml explicitly bans both crates (lines 63-64), causing cargo-deny to fail in CI.

The dependency chain is:

fastokens -> hf-hub (default features) -> ureq -> native-tls -> openssl-sys

Dynamo's own hf-hub declaration uses default-features = false with rustls-tls, but Cargo's feature unification merges both — so native-tls still gets enabled.

Before:

hf-hub = "0.4.3"

After:

hf-hub = { version = "0.4.3", default-features = false, features = ["rustls-tls", "ureq"] }

This disables the default features (which include native-tls, tokio, num_cpus, etc.) and opts into the pure-Rust TLS stack (rustls + ureq) instead. The result is:

native-tls, openssl-sys, hyper-tls, tokio-native-tls, and several other platform-specific crates are completely removed from the dependency tree
The cargo-deny ban is no longer triggered
576 lines removed from Cargo.lock, 94 added — a significant dependency reduction overall