Integrate with cargo-audit
Phase one:
- Get security information for a crate
- When the latest version of a crate is insecure, slap huge warning on crate's page
- When some older versions are insecure, mark them as such (similarly to yanked)
Phase two (more complex, since requires having dependency resolution in the project):
- When a crate uses a dependency that is insecure (in the latest version matching its requirement), mark the whole crate as insecure.
- When a crate uses a dependency that is insecure (any version matching its requirement, but not one that's usually picked), just warn next to the dependency.