set up cargo-deny

[o0Ignition0o]

fixes #37

This commit sets up cargo-deny with the following settings:

• Security advisories: warn for unmaintained and yanked crates. deny CVEs except RUSTSEC-2020-0159 (pending The call to localtime_r may be unsound chronotope/chrono#499 to close somehow)
• Licenses: Allow ELv2 compatible licenses: "Apache-2.0", "Apache-2.0 WITH LLVM-exception", "BSD-2-Clause", "BSD-3-Clause", "CC0-1.0", "LicenseRef-ELv2", "ISC", "MIT",. LicenseRef-ELv2 is a placeholder while we're waiting for a SPDX identifier.
• Sources: Explicitly allow references to apollographql and opentelemetry github repositories only.
• Bans: No crates are banned as of yet

This commit also adds cargo-deny -L error check on Linux and OSX in CI. Note it doesn't run on windows, possibly because of an environment variable issue. However this is fine given cargo-deny checks for every targets by default.

[netlify]

👷 Deploy Preview for apollo-router-docs processing.

🔨 Explore the source changes: e50d855

🔍 Inspect the deploy log: https://app.netlify.com/sites/apollo-router-docs/deploys/6184f38241d2e1000889804c

[cecton]

check, lint.... 🤔 should it really be 2 different commands?

I think we should keep lint and move your check there. You can exclude windows from the test there too using #[cfg(not(windows))].

Check would be fine too if it didn't collide with "cargo check" which means checking if it compiles, not linting. (counter intuitive for rust developers)

[o0Ignition0o]

It can indeed be a bit confusing! Let's try to think of a name that conveys we're making sure the codebase complies to our standards, license and fmt and stylewise.

wdyt?

[o0Ignition0o]

Looking at #147 and this, i think this calls for a team discussion about what xtask does and what the CI does. I'm opening an issue or maybe a discussion ?

[o0Ignition0o]

just opened #160 so we dont forget about it!

[cecton]

Purrfect 😸

[o0Ignition0o]

merging this when ci passes!

[o0Ignition0o]

Ok ci doesn't pass anymore 😓 fixing this!