Update dependencies and refactor random number generation

- Bump versions of several dependencies in Cargo.toml for improved functionality and security, including:
  - socket2 to 0.6
  - nix to 0.31
  - toml to 1.0
  - x509-parser to 0.18
  - dashmap to 6.1
  - rand to 0.10
  - reqwest to 0.13
  - notify to 8.2
  - ipnetwork to 0.21
  - webpki-roots to 1.0
  - criterion to 0.8
- Introduce `OnceLock` for secure random number generation in multiple modules to ensure thread safety and reduce overhead.
- Refactor random number generation calls to use the new `RngExt` trait methods for consistency and clarity.
- Add new PNG files for architectural documentation.

src/proxy/client.rs

@@ -8,7 +8,7 @@ use std::sync::OnceLock;
 use std::sync::atomic::{AtomicBool, Ordering};
 use std::time::Duration;
 use ipnetwork::IpNetwork;
-use rand::Rng;
+use rand::RngExt;
 use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite};
 use tokio::net::TcpStream;
 use tokio::time::timeout;

src/proxy/handshake.rs

@@ -17,7 +17,7 @@ use tracing::{debug, warn, trace};
 use zeroize::{Zeroize, Zeroizing};
 
 use crate::crypto::{sha256, AesCtr, SecureRandom};
-use rand::Rng;
+use rand::RngExt;
 use crate::protocol::constants::*;
 use crate::protocol::tls;
 use crate::stream::{FakeTlsReader, FakeTlsWriter, CryptoReader, CryptoWriter};

src/proxy/masking.rs

@@ -3,7 +3,7 @@
 use std::str;
 use std::net::SocketAddr;
 use std::time::Duration;
-use rand::{Rng, RngCore};
+use rand::{Rng, RngExt};
 use tokio::net::TcpStream;
 #[cfg(unix)]
 use tokio::net::UnixStream;

src/proxy/tests/handshake_security_tests.rs

@@ -1,7 +1,7 @@
 use super::*;
 use crate::crypto::{sha256, sha256_hmac};
 use dashmap::DashMap;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use rand::rngs::StdRng;
 use std::net::{IpAddr, Ipv4Addr};
 use std::sync::Arc;

src/proxy/tests/middle_relay_security_tests.rs

@@ -10,7 +10,7 @@ use crate::stats::Stats;
 use crate::stream::{BufferPool, CryptoReader, CryptoWriter, PooledBuffer};
 use crate::transport::middle_proxy::MePool;
 use rand::rngs::StdRng;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use std::collections::{HashMap, HashSet};
 use std::net::SocketAddr;
 use std::sync::Arc;

src/proxy/tests/relay_quota_boundary_blackhat_tests.rs

@@ -3,7 +3,7 @@ use crate::error::ProxyError;
 use crate::stats::Stats;
 use crate::stream::BufferPool;
 use rand::rngs::StdRng;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use std::sync::Arc;
 use tokio::io::{duplex, AsyncRead, AsyncReadExt, AsyncWriteExt};
 use tokio::time::{timeout, Duration, Instant};

src/proxy/tests/relay_quota_model_adversarial_tests.rs

@@ -3,7 +3,7 @@ use crate::error::ProxyError;
 use crate::stats::Stats;
 use crate::stream::BufferPool;
 use rand::rngs::StdRng;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use std::sync::Arc;
 use tokio::io::{duplex, AsyncRead, AsyncReadExt, AsyncWriteExt};
 use tokio::sync::Barrier;

src/proxy/tests/relay_security_tests.rs

@@ -733,7 +733,7 @@ async fn relay_bidirectional_asymmetric_backpressure() {
     );
 }
 
-use rand::{Rng, SeedableRng, rngs::StdRng};
+use rand::{RngExt, SeedableRng, rngs::StdRng};
 
 #[tokio::test]
 async fn relay_bidirectional_light_fuzzing_temporal_jitter() {

src/proxy/tests/route_mode_coherence_adversarial_tests.rs

@@ -1,6 +1,6 @@
 use super::*;
 use rand::rngs::StdRng;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use std::sync::Arc;
 
 #[test]

src/proxy/tests/route_mode_security_tests.rs

@@ -1,5 +1,5 @@
 use super::*;
-use rand::{Rng, SeedableRng};
+use rand::{RngExt, SeedableRng};
 use rand::rngs::StdRng;
 use std::sync::Arc;
 use std::sync::atomic::{AtomicU64, Ordering};