add --include-unused-deps

[skilly-lily]

Adds --include-unused-deps to the CLI options.

Fixes fossas/team-analysis#785

Dependencies can have zero or more environments out of the following:

• Production
• Test
• Development
• Other x, where x is some arbitrary text string.

A dependency is considered a "Used" when it satisfies 1 or more of the following criteria:

• The dep has no environments.
• The dep has a Production environment.
• The dep has an Other x environment, for any value of x.

Without the new flag enabled, only Used dependencies are included in the final graph.
With the new flag enabled, none of the above logic is used, and all dependencies are included.

If/when we implement and enable server-side filtering, we will accept and ignore this option.

I tested using this Cargo.toml file (minimal trasitive deps).

[package]
name = "cargotest"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
anyhow = "1.0.44"

[dev-dependencies]
num_cpus = "1.13.0"

[build-dependencies]
fnv = "1.0.7"

[meghfossa]

LGTM.

From reading the code it seems straight forward (so did not repro locally)

[meghfossa]

we should add this in our user guide similar to: https://github.com/fossas/spectrometer/blob/master/docs/userguide.md#scanning-archive-contents

[skilly-lily]

Actually, I want to NOT do that. I'd prefer if this wasn't easily discoverable. This is a stopgap between the current state of things and server-side retroactive filtering.

[skilly-lily]

If we find that we would rather have it documented, then we can add it later, but I'm worried about people using it when they don't need it and then complaining. We get this question a lot, but usually, the answer we resolve to is "you never needed it in the first place". I'd rather keep that mode of operation than just default people to using this. Especially considering that they can't take it back, they instead have to re-analyze without the flag.