Replace `serde_cbor` with `ciborium` due to security vulnerability

- `serde_cbor` is unmaintained and has known [security issues](https://rustsec.org/advisories/RUSTSEC-2021-0127.html)
- `ciborium` is an actively maintained CBOR library