Upgrade saloonphp/saloon to v4 — 3 CVEs affecting v3.x

`saloonphp/saloon` <4.0.0 has 3 published advisories, including a High (8.1) insecure deserialization in AccessTokenAuthenticator enabling RCE via object injection ([CVE-2026-33942](https://github.com/advisories/GHSA-rf88-776r-rcq9)).
Full list: https://packagist.org/packages/saloonphp/saloon/advisories
Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4