fix: improve security advisory descriptions in deny.toml

Improves tracking comments for ignored advisories per #321:
- RUSTSEC-2025-0055: clarify that tracing-subscriber is pulled
  transitively by ark-relations v0.4.0 and needs upstream fix
- RUSTSEC-2025-0141: document bincode alternatives (postcard, bitcode, rkyv)

Refs #321
ygd58 2026-03-26 07:57:11 +01:00
parent fb083ce91e
commit 6d2287b145
No known key found for this signature in database
GPG Key ID: 82B49AE8D5B28600


@ -10,8 +10,8 @@ ignore = [
{ id = "RUSTSEC-2023-0071", reason = "Marvin Attack: potential key recovery through timing sidechannels" },
{ id = "RUSTSEC-2024-0388", reason = "`derivative` is unmaintained; consider using an alternative. Use `cargo tree -p derivative -i > tmp.txt` to check the dependency tree." },
{ id = "RUSTSEC-2024-0436", reason = "`paste` has a security vulnerability; consider using an alternative. Use `cargo tree -p paste -i > tmp.txt` to check the dependency tree." },
{ id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in by ark-relations v0.4.0 - will be addressed before mainnet" },
{ id = "RUSTSEC-2025-0141", reason = "`bincode` is unmaintained but continuing to use it." },
{ id = "RUSTSEC-2025-0055", reason = "`tracing-subscriber` v0.2.25 pulled in transitively by ark-relations v0.4.0; fix requires ark-relations to upgrade to tracing-subscriber >=0.3.20. Tracked in #321." },
{ id = "RUSTSEC-2025-0141", reason = "`bincode` is permanently unmaintained; alternatives include postcard, bitcode, rkyv. Migration tracked in #321." },
{ id = "RUSTSEC-2023-0089", reason = "atomic-polyfill is pulled transitively via risc0-zkvm; waiting on upstream fix (see https://github.com/risc0/risc0/issues/3453)" },
]
yanked = "deny"
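Review bot: The new RUSTSEC-2025-0055 reason drops the old "will be addressed before mainnet" commitment and, like the old text, records only where `tracing-subscriber` comes from, not why the advisory is acceptable to ignore in the meantime. As far as I can tell this entry suppresses a vulnerability advisory rather than an unmaintained-crate notice, so I would keep the removal condition in the string, e.g. end it with `Tracked in #321; remove this ignore before mainnet.`, and add one clause saying whether untrusted input can reach the affected logging path (for the authors to confirm). Separately, the unchanged RUSTSEC-2024-0436 line describes `paste` as having "a security vulnerability", while to my knowledge that advisory is an unmaintained notice; since this commit is about accurate descriptions, that wording is worth correcting in the same pass. The `ignore` array starts above the hunk, so earlier entries are not visible here.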