Check targets in isolation

[Jake-Shadle]

Right now, if you specify that you want to filter targets in the deny.toml with something like

targets = [
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "aarch64-apple-darwin" },
    { triple = "x86_64-apple-darwin" },
    { triple = "x86_64-pc-windows-msvc" },
]

cargo-deny will gather all of the dependencies for every crate, as long as they are pulled in by one or more of the specified triples (and matches the feature set, if they are optional). This however means that some portions of the crate graph are checked that are actually impossible in a real build context.

For example. lets look at a condensed version of [email protected].

[target.'cfg(target_os = "windows")'.dependencies.winapi]
version = "0.3.6"
features = [
   " ..."
]

[target.'cfg(any(target_os = "linux", target_os = "dragonfly", target_os = "freebsd", target_os = "openbsd", target_os = "netbsd"))'.dependencies]
mio = { version = "0.6", optional = true }

On Windows, [email protected], the latest version, is used for all of the Windows specific APIs. This is good since the 0.2 version has severe compile time issues due to how the crate was structured, which is why we want to ban it from all of our codebases. However, because mio is used at the older 0.6 version for linux/BSD* when we unify targets we think that [email protected], which is still used by that older mio version, is used, even though in the actual compile for Windows, we would only get the 0.3 version.

Instead of unifying all target platforms and checking a single giant crate graph that includes such erroneous subtrees, we should instead get a target specific graph for each target the user wants to check, and check each of them in parallel with each other so that we're only checking valid crate graphs.