SECURITY: Bump Rspack to >1.0.0

As published in [GHSA-84jw-g43v-8gjm](https://github.com/web-infra-dev/rspack/security/advisories/GHSA-84jw-g43v-8gjm), there are some security issues happened in rspack, So we should update it, but it seems the new update has some breaking changes and will break our [bundler script](https://github.com/metacall/metassr/blob/master/crates/metassr-bundler/src/bundle.js) (#34)