openssl vuln with empty domains

The openssl crate has an overread, which can occur when empty domain names are used.

References: https://rustsec.org/advisories/RUSTSEC-2023-0044 https://github.com/sfackler/rust-openssl/issues/1965

I'm not sure if this is a vulnerability in Arti. Can an attacker cause us to try to connect to an empty domain name?

Anyway, I will make an MR to update to the fixed version, in the meantime.