Bump AHC to 3.0.1

[AshCorr]

AHC 3.0.1 has a Critical CVE which is causing downstream consumers of dispatch to get vulnerability alerts.

Included in 3.0.1 are a few dependency upgrades in addition to the fix for the CVE. AHC considers 3.0.1 as breaking release as they've added a new method to the abstract RequestBuilderBase class.

Worth noting that the behaviour of the default client has changed slightly in order to fix the CVE. Previously cookies found in the cookie jar would replace cookies in the RequestBuilder, this is no longer the case.

Not quite sure about the branch layout of this repo! Should this change go to the 2.0.x branch?