style: A rust library should not pin exact versions (use bounds instead)

[macisamuele]

Currently the library does define very tight dependencies and this is not common in libraries.
Libraries should be able to use any version of the dependencies that are compatible with the code.

Think about the case of: we're depending on serde-json==1.0.48 and new versions are released (let's say 1.0.53) and the new version does fix some bug or enhance performances.
With the current Cargo.toml definition users of jsonschema library will not have benefits of the serde-json improvements and even worst they might end-up with binaries that are embedding multiple version of the serder-json library.

For this reason we should describe what are the minimum versions required for the code to compile and perform properly (maybe we depend on an higher version due to bug fixes rather than exposed features).

If this library will be used to build binary applications they will be responsible for defining the exact list of used versions (via Cargo.lock) and if this library will be used as static library for FFI applications (ie. Python binding) then the project defining the static library will be responsible for pinning the dependencies.

Some reading is on https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries