docs(release-checklist): add cargo update steps to task list (#6657)

* add cargo update steps to task list

* Fix a formatting issue in the checklist

* Apply suggestions from code review

Co-authored-by: teor <teor@riseup.net>

---------

Co-authored-by: teor <teor@riseup.net>

.github/PULL_REQUEST_TEMPLATE/release-checklist.md

@@ -92,9 +92,9 @@ You can copy the latest checkpoints from CI by following [the zebra-checkpoints
 Sometimes `dependabot` misses some dependency updates, or we accidentally turned them off.
 
 Here's how we make sure we got everything:
-1. Run `cargo update` on the latest `main` branch, and keep the output
-2. If needed, update [deny.toml](https://github.com/ZcashFoundation/zebra/blob/main/book/src/dev/continuous-integration.md#fixing-duplicate-dependencies-in-check-denytoml-bans)
-3. Open a separate PR with the changes, including the output of `cargo update`
+- [ ] Run `cargo update` on the latest `main` branch, and keep the output
+- [ ] If needed, update [deny.toml](https://github.com/ZcashFoundation/zebra/blob/main/book/src/dev/continuous-integration.md#fixing-duplicate-dependencies-in-check-denytoml-bans)
+- [ ] Open a separate PR with the changes, and add the output of `cargo update` to that PR as a comment
 
 ## Change Log
 
@@ -184,6 +184,7 @@ and the updated changelog:
 ## Telling Zebra Users
 
 - [ ] Post a summary of the important changes in the release in the `#arborist` and `#communications` Slack channels
+
 If the release contains new features (`major` or `minor`), or high-priority bug fixes:
 - [ ] Ask the team about doing a blog post