security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399)

Removes the unused "elf" feature from the embuild dependency in
firmware/zeroclaw-esp32/Cargo.toml.

Vulnerability Details:
- Advisory: GHSA-9cc5-2pq7-hfj8
- Package: xmas-elf < 0.10.0
- Severity: Moderate (insufficient bounds checks in HashTable access)

Root Cause:
- The embuild dependency (version < 0.33) relies on xmas-elf ~0.9.1
- The "elf" feature was enabled but not actually used

Fix:
- Removed features = ["elf"] from embuild dependency
- The build.rs only uses embuild::espidf::sysenv, which doesn't require elf
- xmas-elf dependency is now completely eliminated from Cargo.lock

Verification:
- cargo build passes successfully
- grep "xmas-elf" firmware/zeroclaw-esp32/Cargo.lock confirms removal

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

firmware/zeroclaw-esp32/Cargo.lock

@@ -483,7 +483,6 @@ dependencies = [
  "tempfile",
  "thiserror 1.0.69",
  "which",
- "xmas-elf",
 ]
 
 [[package]]
@@ -1806,21 +1805,6 @@ dependencies = [
  "wasmparser",
 ]
 
-[[package]]
-name = "xmas-elf"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42c49817e78342f7f30a181573d82ff55b88a35f86ccaf07fc64b3008f56d1c6"
-dependencies = [
- "zero",
-]
-
-[[package]]
-name = "zero"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fe21bcc34ca7fe6dd56cc2cb1261ea59d6b93620215aefb5ea6032265527784"
-
 [[package]]
 name = "zeroclaw-esp32"
 version = "0.1.0"

firmware/zeroclaw-esp32/Cargo.toml

@@ -22,7 +22,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
 [build-dependencies]
-embuild = { version = "0.31", features = ["elf"] }
+embuild = "0.31"
 
 [profile.release]
 opt-level = "s"