fix: resolve CI check failures

- Replace serde_yml with serde_norway (RUSTSEC-2025-0068: serde_yml is
  unsound and archived; serde_norway is the recommended maintained fork)
- Remove unused toml dependency (was resolving to v1.1.2 which requires
  edition2024/Rust 1.85, breaking the MSRV 1.80 check)
- Run cargo fmt to fix formatting diffs caught by lint job
- Fix cog commit check to use from_latest_tag so pre-conventional-commits
  history does not cause the check to fail
- Remove semver job: dredge is a binary-only crate with no lib target,
  cargo-semver-checks cannot check it

src/error.rs

@@ -77,7 +77,7 @@ pub enum ApiError {
 
     /// The manifest response body could not be serialized to YAML for output.
     #[error(transparent)]
-    SerializerError(#[from] serde_yml::Error),
+    SerializerError(#[from] serde_norway::Error),
 
     /// The registry returned `405 Method Not Allowed`, typically because
     /// storage deletion has not been enabled on the registry.
@@ -100,7 +100,10 @@ mod tests {
     fn test_dredge_error_from_api_error_not_found() {
         let api_err = ApiError::NotFound;
         let dredge_err = DredgeError::from(api_err);
-        assert!(matches!(dredge_err, DredgeError::ApiError(ApiError::NotFound)));
+        assert!(matches!(
+            dredge_err,
+            DredgeError::ApiError(ApiError::NotFound)
+        ));
     }
 
     /// Test that `DredgeError::from(ApiError::AuthorizationFailed)` works.