CI: Add cargo-deny

[emilk]

cargo deny protects against:

• Security advisories
• Duplicate dependencies (which adds compilation time and code bloat)
• Copy-left licenses, such as GPL

cargo-deny requires a Cargo.lock file. It doesn't have to be checked in, but by checking it in we explicitly say "there is a combination of crate version we can use that produces no duplicate dependencies, no copy-left licenses, and no security advisories". With an implicit Cargo.lock (not checked in) we would get the latest version of all crates at the time that the CI is run, which mean the CI can fail spuriously if a dependency is updated to a new version that, for instance, pulls in a duplicated dependency.

This PR does add some maintenance burden, and I understand if that isn't exactly appealing. However, the use of cargo-deny is a promise to users that this crate is a nice citizen in the rust eco-system, that cares about avoiding duplicate dependencies etc.

[PolyMeilex]

Sorry for the delay, I kinda forgot about this one.
Not a huge fan of commiting Cargo.lock but the compromise sounds resonable so LGTM
Thanks!