cargo: bump gix to 0.71.0

Fix GHSA-794x-2rpg-rfgr.

`gix::Repository::work_dir` was renamed to `workdir` (though strangely
not the `gix::ThreadSafeRepository` version), and `lossy_config`
is now off by default in all configurations.

Author: emilazy

CHANGELOG.md

@@ -8,6 +8,11 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+### Security fixes
+
+* Fixed SHA-1 collision attacks not being detected.
+  ([GHSA-794x-2rpg-rfgr](https://github.com/jj-vcs/jj/security/advisories/GHSA-794x-2rpg-rfgr))
+
 ### Release highlights
 
 ### Breaking changes