CI: Add workflow that runs `cargo vet --locked`

.github/workflows/audits.yml

@@ -0,0 +1,35 @@
+name: Audits
+
+on: [push, pull_request]
+
+jobs:
+  cargo-vet:
+    name: Vet Rust dependencies
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+
+      - name: Install cargo-vet
+        uses: actions-rs/cargo@v1
+        with:
+          command: install
+          args: --git https://github.com/mozilla/cargo-vet.git cargo-vet
+
+      # This is necessary because `cargo vet --locked` implies `cargo metadata --frozen`,
+      # preventing all network access.
+      - name: Ensure dependency sources are present
+        uses: actions-rs/cargo@v1
+        with:
+          command: fetch
+          args: --locked
+
+      - name: Run cargo vet --locked
+        uses: actions-rs/cargo@v1
+        with:
+          command: vet
+          args: --locked