
[cargo vet] Trust Google's aggregated audits instead of just those for Fuchsia and Chromium #9727

Open
tschneidereit opened this issue Dec 4, 2024 · 1 comment
Labels
dependencies Pull requests that update a dependency file

Comments

@tschneidereit
Member

Feature

Google is aggregating cargo vet audits from Fuchsia, Chromium, ChromiumOS, and some internal projects, in a single place. We should switch to importing that aggregation.

Benefit

Switching to the aggregation from our current import of the Fuchsia and Chromium audits would give us more coverage now and in an ongoing manner.

Implementation

It's probably as simple as switching the import, but for all I know there might be a need to evaluate some of Google's custom audit criteria and see how to apply them. ("For all I know", because I didn't deeply check whether there's anything new compared to our current imports.)

Alternatives

Keep things as they are

@tschneidereit tschneidereit added the dependencies Pull requests that update a dependency file label Dec 4, 2024
@fitzgen
Member

fitzgen commented Dec 6, 2024

I would be in favor of this.

It's probably as simple as switching the import, but for all I know there might be a need to evaluate some of Google's custom audit criteria and see how to apply them. ("For all I know", because I didn't deeply check whether there's anything new compared to our current imports.)

I skimmed the custom audit criteria and they seem reasonable. I don't think we should adopt their criteria for our uses, but I don't think they will get in our way and I don't think they are lowering audit standards.
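As an added illustration (not the project's own configuration, and not code from either commenter), this is roughly what "switching the import" in the Implementation section comes down to in a cargo vet `supply-chain/config.toml`. The `[imports.<name>]` table with a `url` key is cargo vet's standard import mechanism; the Google audits URL is assumed to be the one published by the google/rust-crate-audits repository, and the existing Fuchsia and Chromium URLs are placeholders.

```toml
# supply-chain/config.toml (illustrative excerpt, constructed for this example)

# Before: two separate imports, one per Google project.
# These are placeholder URLs, not the real ones.
[imports.fuchsia]
url = "https://example.invalid/fuchsia/supply-chain/audits.toml"

[imports.chromium]
url = "https://example.invalid/chromium/supply-chain/audits.toml"

# After: a single import of Google's aggregated audits, which covers
# Fuchsia, Chromium, ChromiumOS and some internal projects.
# URL assumed from the google/rust-crate-audits repository's own instructions.
[imports.google]
url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/audits.toml"
```

After editing the config, `cargo vet regenerate imports` refreshes `supply-chain/imports.lock` so the aggregated audits are pulled in, and `cargo vet` then reports whether anything previously covered by the two separate imports is now missing. Custom criteria defined in the imported file (the ones fitzgen skimmed) only influence local certification if they are mapped onto local criteria, which is why they should neither block nor silently lower the bar.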
