Add cargo-deny to CI

[ErichDonGubler]

Checklist

• Run cargo clippy.
• Run RUSTFLAGS=--cfg=web_sys_unstable_apis cargo clippy --target wasm32-unknown-unknown if applicable.
• Add change to CHANGELOG.md. See simple instructions inside file. Not sure if this is worth doing for downstream, skipping for now.
• Ensure that codecov is happy.

Connections
Link to the issues addressed by this PR, or dependent PRs in other repositories

None, AFAIK!

Description
Describe what problem this is solving, and how it's solved.

Right now, wgpu's CI doesn't take advantage of nice tooling to audit dependencies. cargo-deny is a fantastic suite of dependency checks that's relatively popular in the Rust community. Add an invocation of cargo deny check as a step in the ci workflow; create configuration; adjust run-wasm's licensing so that it passes.

Testing
Explain how this change is tested.

TODO: Waiting to see how CI handles this.

There are some duplicate dependencies noted, but I doubt it's a problem that will be interesting to tackle except as occasional maintenance, rather than a hard CI check. Leaving as a warning for now.

[codecov-commenter]

Codecov Report

Merging #3185 (b792b23) into master (6ed103e) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3185      +/-   ##
==========================================
- Coverage   64.73%   64.70%   -0.03%     
==========================================
  Files          81       81              
  Lines       38747    38819      +72     
==========================================
+ Hits        25084    25119      +35     
- Misses      13663    13700      +37     

Impacted Files	Coverage Δ
wgpu-core/src/track/range.rs	92.85% <0.00%> (-2.15%)	⬇️
wgpu-core/src/command/transfer.rs	70.03% <0.00%> (-0.74%)	⬇️
wgpu-hal/src/gles/queue.rs	61.32% <0.00%> (-0.34%)	⬇️
wgpu-hal/src/gles/command.rs	69.82% <0.00%> (-0.26%)	⬇️
wgpu/src/backend/direct.rs	55.10% <0.00%> (-0.16%)	⬇️
wgpu-core/src/device/queue.rs	70.69% <0.00%> (-0.12%)	⬇️
wgpu-types/src/lib.rs	88.04% <0.00%> (ø)
wgpu-hal/src/gles/egl.rs	37.82% <0.00%> (ø)
wgpu-hal/src/gles/mod.rs	61.53% <0.00%> (ø)
wgpu-core/src/resource.rs	25.13% <0.00%> (ø)
... and 7 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[ErichDonGubler]

@cwfitzgerald: I've just added a sources configuration to this PR with fd10de7. LMK what you think. 🙂

[ErichDonGubler]

Tagging @teoxoy and @jimblandy for 👀.

[ErichDonGubler]

RE: the above codecov report: I'm sure that this is reported as a regression because, at the time, many coverage tests weren't actually running. This should be fixed now, but @codecov-commenter hasn't posted another comment yet. ☹️

[cwfitzgerald]

Fwiw, I think we need to tune the codecov comment, it's rather annoying.