Relax constraints on dependencies to minimal semver

[huonw]

This relaxes the semver constraints on the dependencies to be the minimal that compiles. This allows more flexible integration of gha-toolkit into existing codebases, that may already use some of the dependencies, at lower versions.

For example, I'm experimenting with integrating gha-toolkit into https://github.com/pantsbuild/pants, which already depends on reqwest 0.11.11 and thiserror 1.0.30 (among others). Before this PR, gha-toolkit previously required reqwest >= 0.11.13 and thiserror >= 1.0.37, which means those dependencies would have to be duplicated. This works fine with cargo, but costs compile time and potential confusion.

I've chosen the version constraints here by:

1. stripping the existing constraints down to the minimal semver (e.g. 0.11 for reqwest)
2. running cargo +nightly update -Z minimal-versions to have cargo lock to the minimal versions
3. running cargo build, noticing errors and then bumping an appropriate minimal version constraint (for instance, #[error(transparent)] requires https://github.com/dtolnay/thiserror/releases/tag/1.0.7, so I had to increase the thiserror = "1" constraint to thiserror = "1.0.7")
4. repeated from step 2, until it compiled

This change shouldn't affect any existing users of the library, since this is strictly more permissive: a locked set of dependencies for users of gha-toolkit 0.3.1 will also satisfy these new constraints.

(Thank you for gha-toolkit!)