New state:
`Vetting Succeeded (67 fully audited, 45 partially audited, 157 exempted)`

Similar to how we've done in a few of our other reviews, so we can focus on audits of more unknown crates and publishers.

Also excluded auditing for a few additional crates that are not used in practice (unsupported/unused targets).

Current audit state:

`Vetting Succeeded (136 fully audited, 26 partially audited, 107 exempted)`

Reason: When running `cargo vendor`, some of the dependencies have
"target" directories that should *not* be ignored: platforms-3.0.2 and cargo-0.69.1

Project linter can be triggered - this PR fixes it.

This is a massive refactor that should be split up into multiple PRs,
but I am lazy, so that won't happen.

## `crates-index` -> `tame-index`

The `crates-index` crate had a problematic API that lead to duplicating
functionality present in the crate because it wasn't exposed publicly,
and was actually causing massive slowdowns when running cargo-deny in
eg. CI since `krates` was downloading the entire git index because of
how the default functionality in `crates-index` worked, thus I made
[`tame-index`](https://github.com/EmbarkStudios/tame-index) to better
suit the needs of this crate, as well as
[`cargo-fetcher`](https://github.com/EmbarkStudios/cargo-fetcher). Also,
it is now unfortunately
[unmaintained](frewsxcv/rust-crates-index#132).

This also means that scenarios such as #515 are _much_ easier to both
implement and support due to better testing since `tame-index` supports
[local
registry](https://doc.rust-lang.org/cargo/reference/source-replacement.html#local-registry-sources)
source replacement.

## `git2` -> `gix`

`tame-index` uses `gix` for its git implementation because
git2/openssl/openssh are...let's just say I'm not a fan. This PR now
replaces the usage of `git2`, for syncing advisory databases, with `gix`
removing (and adding) a lot of dependencies.

Resolves: #361
Resolves: #515
Resolves: #522
Resolves: #446 (I think this was already resolved in a previous version,
but the issue was still open)
Resolves: #435 (I have no idea if this is actually fixed, but I have no
repro, and we aren't using git2 any longer, so maybe?)
Resolves: #439 (I was never able to repro, but this is no longer
applicable as we never fetch a specific branch for a git remote for
either advisory databases nor git registry indices, but rather just use
the remote `FETCH_HEAD`)
Closes: #295 (This PR removes cargo support altogether, as it is
currently tied to openssl/curl/etc and not currently worth pursuing)

This PR resolves #210 by adding `osi` and `fsf` as new values for
`allow-osi-fsf-free`. This allows for the use case where a cargo-deny
user wants to blanket allow all FSF licenses while not caring about OSI
(or vice versa).

I had initially patterned the new license checks on `OsiOnly` and
`FsfOnly` before realizing that perhaps deny!() didn't make sense here,
and I removed it (or so I thought). It seems I blundered and left one
in--sorry.

I believe this deny!() shouldn't be here.

Apologies for the mistake... I thought I'd double-checked my diff but it
seems I did a poor job of it.

(Also, thanks for catching that other mistake I made in #531 Jake)

- Fixup license clarification
- Add clarification example
- Add test

Resolves: #521 
Resolves: #524

This fixes a few issues with advisory dbs, notably ensuring they can be
fetched regardless of the environment, writing `FETCH_HEAD` via
https://docs.rs/tame-index/0.2.4/tame_index/utils/git/fn.write_fetch_head.html,
and properly locking repos before opening/cloning.

Resolves: #479

Fixup #523

Resolves: #482

- Cleanup docs
- Update CHANGELOG