Figure out how to bump rust dependencies without affecting the prev dependency tree

[sisuresh]

For example, core uses ecdsa 0.16.7, and env used 0.16.8. This was fine until the secp256 change, when soroban-env-host took a direct dependency on the ecdsa crate (among others that have the same issue). We now want the core lock file to specify both ecdsa 0.16.7 (for prev env) and 0.16.8 (for curr env), but cargo only allows duplicate crates if the major version is different, or in this case where it's zero, the minor versions need to be different.

We don't want to update the dependencies for the current protocols host, so we ended up pinning the env version to what was specified in the lock file, but this prevents us from bumping dependencies.