ci(hailo): ignore RUSTSEC-2026-0115/0116/0117 (iter 229)

Three new advisories published 2026-05-01 on imageproc 0.25.0
(unsound bounds-check warnings). Pulled in transitively via
ruvector-scipix — outside the hailo-backend's scope.

Failing job:
  cargo-audit (cluster) on PR #413 (a88edd6b9):
    error: 3 denied warnings found!
    Crate: imageproc 0.25.0
    Dependency tree: imageproc 0.25.0 └── ruvector-scipix 2.2.0

The hailo crates don't pull imageproc themselves (the cluster's
deny.toml + the per-crate target/ confirm). Same pattern as the
existing paste / rustls-pemfile / bincode ignores: a transitive
dep we don't control, on a chain unrelated to hailo's audit
surface, captured here so the cluster's audit gate doesn't get
held hostage by upstream churn.

ruvector-scipix should track the imageproc upgrade separately —
out of band from this PR.

Co-Authored-By: claude-flow <ruv@ruv.net>
ruvnet 2026-05-04 00:01:28 -04:00
parent a88edd6b93
commit 9db4499a74

@ -52,7 +52,10 @@ jobs:
cargo audit --deny warnings \
--ignore RUSTSEC-2024-0436 `# paste — unmaintained, transitive via candle` \
--ignore RUSTSEC-2025-0134 `# rustls-pemfile — transitive via tonic-tls` \
--ignore RUSTSEC-2025-0141 `# bincode 1.x — workspace-wide pin via rkyv etc.`
--ignore RUSTSEC-2025-0141 `# bincode 1.x — workspace-wide pin via rkyv etc.` \
--ignore RUSTSEC-2026-0115 `# imageproc 0.25 — unsound, transitive via ruvector-scipix; outside hailo scope` \
--ignore RUSTSEC-2026-0116 `# imageproc 0.25 — unsound, transitive via ruvector-scipix; outside hailo scope` \
--ignore RUSTSEC-2026-0117 `# imageproc 0.25 — unsound, transitive via ruvector-scipix; outside hailo scope`
deny:
name: cargo-deny (license + bans + sources)
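Review bot: the three added `--ignore RUSTSEC-2026-0115/0116/0117` flags apply to everything this `cargo audit --deny warnings` step audits, not only to the ruvector-scipix chain, so if a hailo crate later pulls in imageproc 0.25 directly the gate will stay green. The inline comments are also identical for all three IDs and give no removal condition. Suggest each comment name what the advisory covers and point at a tracking issue for the ruvector-scipix imageproc upgrade, so the ignores can be dropped once that lands rather than accumulating alongside the paste / rustls-pemfile / bincode entries.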