Unmaintained transitive dependencies via json-syntax #510

@HastD

Description

A dependency of sigstore, the json-syntax crate, seems to be largely unmaintained (no releases in over a year), and its transitive dependencies include locspan-derive (unmaintained), proc-macro-error (unmaintained), and syn v1 (superseded years ago by syn v2, and removing locspan-derive will allow sigstore to get rid of syn v1 as a transitive dependency).

It looks like json-syntax is only used in one place, to produce a canonicalized JSON string in src/bundle/models.rs. I propose replacing json-syntax with the crate serde_json_canonicalizer, an RFC 8785-compatible JSON serializer that's actively maintained and has minimal dependencies aside from serde and serde_json (which are already dependencies of sigstore).

Labels: enhancement (New feature or request)

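The RFC 8785 properties a replacement serializer has to reproduce byte for byte, shown as an added example that is not part of the issue and is not code from sigstore, json-syntax or serde_json_canonicalizer. The `Json` type and the `quote` and `canon` functions are hypothetical names, and numbers are restricted to integers so that RFC 8785's floating-point formatting rules stay out of scope.

```rust
// Added example: integer-only subset of RFC 8785 (JCS) output rules, std only.
pub enum Json {
    Null,
    Bool(bool),
    Int(i64), // assumption: integers only, no float formatting
    Str(String),
    Arr(Vec<Json>),
    Obj(Vec<(String, Json)>), // members kept in insertion order until serialized
}

/// String escaping: short escapes where JSON defines them, lowercase \u00xx for
/// other control characters, everything else emitted as literal UTF-8.
fn quote(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\u{08}' => out.push_str("\\b"),
            '\t' => out.push_str("\\t"),
            '\n' => out.push_str("\\n"),
            '\u{0C}' => out.push_str("\\f"),
            '\r' => out.push_str("\\r"),
            c if (c as u32) < 0x20 => out.push_str(&format!("{}{:04x}", "\\u", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// No insignificant whitespace; object members sorted by key.
pub fn canon(v: &Json) -> String {
    match v {
        Json::Null => "null".to_string(),
        Json::Bool(b) => b.to_string(),
        Json::Int(n) => n.to_string(),
        Json::Str(s) => quote(s),
        Json::Arr(a) => format!("[{}]", a.iter().map(canon).collect::<Vec<_>>().join(",")),
        Json::Obj(members) => {
            let mut sorted: Vec<&(String, Json)> = members.iter().collect();
            // Keys compare as UTF-16 code units, which can differ from UTF-8 byte order.
            sorted.sort_by_key(|m| m.0.encode_utf16().collect::<Vec<u16>>());
            let body: Vec<String> =
                sorted.iter().map(|m| format!("{}:{}", quote(&m.0), canon(&m.1))).collect();
            format!("{{{}}}", body.join(","))
        }
    }
}

fn main() {
    // Constructed sample input.
    let v = Json::Obj(vec![("b".into(), Json::Int(2)), ("a".into(), Json::Arr(vec![Json::Bool(true), Json::Null]))]);
    println!("{}", canon(&v)); // {"a":[true,null],"b":2}
}
```

Running the same inputs through the old and the new serializer and comparing the output bytes is a cheap regression check when swapping the dependency.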