
Add initial cargo vet configuration #6981

Merged
merged 3 commits into from
Oct 12, 2023

Commits on Oct 10, 2023

  1. Update all Rust dependencies

    This was a blind `cargo update` run to get us to the latest on everything.
    legoktm committed Oct 10, 2023
    52f7c2b

Commits on Oct 12, 2023

  1. Add initial cargo vet configuration

    cargo vet is a tool designed by Mozilla to record audits of Rust
    dependencies, and it matches nicely with the philosophy of our diff
    review system for Python. It can automatically present diffs and
    verify everything has been checked.
    
    == Trust ==
    
    To reduce the number of audits we have to do, we trust the following
    organizations:
    
    * Bytecode Alliance (WASM/WASI)
    * Google
    * Internet Security Research Group (Let's Encrypt, etc.)
    * Mozilla
    * Zcash
    
    We also trust a number of individual developers, because they are
    members of the Rust Project and also trusted by one of the above
    organizations we trust. We also trust the two Sequoia-OpenPGP team
    members who release things.
    
    All of the individual trust markers have an expiry date to remind us to
    re-evaluate trustworthiness every so often. For now we've set the
    expiry to 6 months as we're still getting familiar with the system.
    
    == Exemptions ==
    
    There are a number of dependencies that appear in our tree but are not
    used on Linux x86_64, so we can ignore them entirely. These are marked in
    config.toml with a policy stanza that has an empty criteria block. These
    crates have been identified manually; in the future cargo-vet will
    hopefully let us specify the specific targets we care about and take care
    of it automatically.
    
    The remaining exemptions in config.toml have not been reviewed yet; we
    can incrementally chip away at them.
    
    == Signing ==
    
    Unlike diff reviews, there is no PGP signing of this file. Because these
    are committed into the Git repository directly, we can rely on that as a
    measure of trust (unlike random wiki pages).
    
    == CI ==
    
    CI verifies that all dependencies have either been reviewed or exempted,
    so there's no need for manual tracking in PR descriptions. Upstream
    provides a GitHub Actions template that we use most of.
    
    Fixes #6500.
    legoktm committed Oct 12, 2023
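The config shapes the commit message describes (imported audits, an empty-criteria policy stanza, an exemption, a delta audit and an expiring trust entry), as an added illustration that is not the PR's own `supply-chain/` files. The `[cargo-vet] version`, the `windows-sys` / `example-crate` crate names, the reviewer identity and the crates.io `user-id` are assumed or placeholder values; the two import URLs are the upstream audit files of the named organizations.

```toml
# ---- supply-chain/config.toml (constructed example) ----
[cargo-vet]
version = "0.8"   # assumed; use whatever `cargo vet init` writes

# Audits published by organizations we trust. A crate audited in one of
# these files satisfies our criteria without a local review.
[imports.mozilla]
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"

[imports.bytecode-alliance]
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"

# Policy stanza with an empty criteria list: the crate is in Cargo.lock but is
# never built for our Linux x86_64 target, so no audit is required for it.
# (windows-sys is an assumed example of such a crate.)
[policy.windows-sys]
criteria = []

# An exemption: the crate has not been reviewed yet. CI still passes, but the
# entry stays here until someone audits it and moves it to audits.toml.
# Crate name and version are constructed.
[[exemptions.example-crate]]
version = "1.2.3"
criteria = "safe-to-deploy"

# ---- supply-chain/audits.toml (constructed example) ----
# A delta audit: only the diff between the two versions was reviewed; the
# 0.3.26 baseline is covered by the imported audits above.
[[audits.pkg-config]]
who = "Reviewer Name <reviewer@example.org>"   # placeholder identity
criteria = "safe-to-deploy"
delta = "0.3.26 -> 0.3.27"

# Trusting an individual publisher of one crate, with the six-month expiry the
# commit message describes. Releases by this crates.io user made between
# `start` and `end` count as audited; after `end` cargo vet flags them again.
[[trusted.example-crate]]
criteria = "safe-to-deploy"
user-id = 0   # placeholder: the publisher's numeric crates.io user id
start = "2023-10-12"
end = "2024-04-12"
```

Running `cargo vet` then fails if any dependency in the lock file is neither audited (locally or via an import), trusted, exempted, nor excluded by a policy stanza, which is the check the CI step relies on.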
    99b63f3
  2. Audit pkg-config 0.3.26 -> 0.3.27

    Demonstrates what an audit looks like on our end, as well as showing
    how we can import supporting audits from Bytecode Alliance and Mozilla.
    legoktm committed Oct 12, 2023
    3a2462c