
Add CPE to cargo dependency metadata #187

Merged (2 commits), Jun 7, 2021

Conversation

sophiewigmore (Member)

Summary

In #181 we added the jam update-dependencies command to keep our buildpack dependencies up to date with our new dependency server. This PR results in a buildpack.toml with the same fields on metadata.dependency that we have always had.

This PR adds support for the new CPE (common platform enumeration) field on each dependency, since this is important for vulnerability lookup.

The resulting buildpack.toml dependencies will look like:

[[metadata.dependencies]]
  cpe = "dependency-specific-cpe"
  id = "dependency-id"
  name = "Dependency Name"
  sha256 = "sha"
  source = "source-uri"
  source_sha256 = "source-sha"
  stacks = ["stack"]
  uri = "dependency-server-uri"
  version = "version"

Use Cases

Our dependency server provides CPE notation for each dependency so that we can look up specific vulnerabilities in a NIST database, for example. This is helpful information to surface, so that we can include it in a bill of materials down the line.

Checklist

  • I have viewed, signed, and submitted the Contributor License Agreement.
  • I have linked issue(s) that this PR should close using keywords or the GitHub UI (See docs)
  • I have added an integration test, if necessary.
  • I have reviewed the styleguide for guidance on my code quality.
  • I'm happy with the commit history on this PR (I have rebased/squashed as needed).
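As an added example (not code from this PR or from jam), the following reads the `[[metadata.dependencies]]` tables of a buildpack.toml fragment and flags dependencies whose `cpe` is missing or is not a CPE 2.3 formatted string, which is the shape a NIST NVD lookup or a bill of materials consumer expects. The fragment, the placeholder values and the `example-lib`/`legacy-lib` ids are constructed for this illustration; the parser handles only the string and string-array keys shown above, not general TOML.

```python
import re

# Constructed buildpack.toml fragment in the shape described in this PR (placeholder values).
BUILDPACK_TOML = """
[[metadata.dependencies]]
  cpe = "cpe:2.3:a:example_vendor:example_lib:1.2.3:*:*:*:*:*:*:*"
  id = "example-lib"
  name = "Example Lib"
  sha256 = "0000"
  source = "https://example.invalid/example-lib-1.2.3.tar.gz"
  source_sha256 = "1111"
  stacks = ["example-stack"]
  uri = "https://deps.example.invalid/example-lib-1.2.3.tgz"
  version = "1.2.3"

[[metadata.dependencies]]
  id = "legacy-lib"
  name = "Legacy Lib"
  version = "0.9.0"
"""

# CPE 2.3 formatted string: "cpe:2.3:" + part (a/h/o) + ten more colon-separated
# components (vendor, product, version, update, edition, language, sw_edition,
# target_sw, target_hw, other). A component may contain an escaped colon ("\:").
CPE23 = re.compile(r'^cpe:2\.3:[aho](?::(?:[^:\\]|\\.)+){10}$')


def parse_dependencies(text):
    """Minimal parser for the [[metadata.dependencies]] tables above (not full TOML)."""
    deps = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[metadata.dependencies]]":
            deps.append({})
        elif "=" in line and deps:
            key, _, value = (s.strip() for s in line.partition("="))
            if value.startswith("["):
                deps[-1][key] = re.findall(r'"([^"]*)"', value)  # array of strings
            else:
                deps[-1][key] = value.strip('"')
    return deps


def check_cpes(deps):
    """Return {dependency id: problem} for entries a vulnerability lookup could not use."""
    problems = {}
    for dep in deps:
        cpe = dep.get("cpe")
        if cpe is None:
            problems[dep.get("id", "?")] = "missing cpe"
        elif not CPE23.match(cpe):  # rejects CPE 2.2 URI bindings ("cpe:/a:...") too
            problems[dep.get("id", "?")] = "malformed cpe: " + cpe
    return problems
```

Running `check_cpes(parse_dependencies(BUILDPACK_TOML))` on the fragment reports only `legacy-lib`, which has no `cpe` and would therefore be invisible to a CPE-keyed vulnerability lookup.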

@ForestEckhardt ForestEckhardt merged commit eea8806 into main Jun 7, 2021
@ForestEckhardt ForestEckhardt deleted the add-cpe-metadata branch June 7, 2021 15:00