Air-gapped builds using Cargo

[kchudy]

1. Modify the cargo build process to only use a local mirror.
2. Cargo never reaches the internet for packages.
3. Use https://kellnr.io for the mirror.

Possible development workflow:

1. Developer uploads the dependencies to Kellnr. The developer checks the dependencies manually, or there's an automatic check before the upload.
2. Developer creates a PR with a modified Cargo.lock.
3. An automatic job checks all dependencies from Cargo.lock for security issues.
4. If passed, an automatic job updates Kellnr with new dependencies.
5. The solution gets built using Kellnr as crates mirror. Cargo can be configured to operate on a replaced creates https://doc.rust-lang.org/cargo/reference/source-replacement.html#configuration

[moubctez]

Kellnr can put in proxy mode, but that doesn't work as an air-gapped environment, but a proxy.
It's better to use https://github.com/dhovart/cargo-local-registry to sync to a private storage, then serve the storage using a HTTP server.