Pin all dependencies to exact versions for 0.6.1

[greg0x]

Summary

Pin every dependency to an exact =x.y.z version so the published 0.6.1
artifact has a fully deterministic resolution surface, and patch releases
of upstream crates cannot move the verifying-key shape or any in-circuit
primitive without a corresponding voting-circuits release.

Why

Part of the supply-chain hardening pass following a supply-chain review of
the valar-* dependency chain. The review flagged that caret pins on crypto-
and circuit-shaping dependencies allow any 0.x.* patch to land silently via
cargo update. For circuits, that risk is doubled — a patch bump to
halo2_proofs, halo2_gadgets, halo2_poseidon, pasta_curves, sinsemilla, ff,
or group can move in-circuit behaviour even when the public Rust API is
stable.

With exact pins, any movement on those crates becomes a deliberate
voting-circuits release, which makes auditing the verifying key easy to
gate on.

Changes

• version = "0.6.0" → "0.6.1"
• All dependencies and dev-dependencies switched from "x.y" / "x.y.z"
  constraints to "=x.y.z"
• Cargo.lock reflects the version bump only — no code changes
• CHANGELOG updated under v0.6.1 with the security-pin note

[ValarDragon]

Lets keep the comment?

[greg0x]

ok, during iteration this has become a noop