Update dependencies and refactor random number generation

- Bump versions of several dependencies in Cargo.toml for improved functionality and security, including:
  - socket2 to 0.6
  - nix to 0.31
  - toml to 1.0
  - x509-parser to 0.18
  - dashmap to 6.1
  - rand to 0.10
  - reqwest to 0.13
  - notify to 8.2
  - ipnetwork to 0.21
  - webpki-roots to 1.0
  - criterion to 0.8
- Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead.
- Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity.
- Add new PNG files for architectural documentation.

src/config/load.rs

@@ -5,7 +5,7 @@ use std::hash::{DefaultHasher, Hash, Hasher};
 use std::net::{IpAddr, SocketAddr};
 use std::path::{Path, PathBuf};
 
-use rand::Rng;
+use rand::RngExt;
 use serde::{Deserialize, Serialize};
 use shadowsocks::config::ServerConfig as ShadowsocksServerConfig;
 use tracing::warn;
@@ -979,7 +979,7 @@ impl ProxyConfig {
         if !config.censorship.tls_emulation
             && config.censorship.fake_cert_len == default_fake_cert_len()
         {
-            config.censorship.fake_cert_len = rand::rng().gen_range(1024..4096);
+            config.censorship.fake_cert_len = rand::rng().random_range(1024..4096);
         }
 
         // Resolve listen_tcp: explicit value wins, otherwise auto-detect.