Add cargo audit CI task

.github/workflows/cargo-audit.yml

@@ -0,0 +1,35 @@
+---
+name: Audit dependencies
+on:
+  pull_request:
+    paths:
+      - .github/workflows/cargo-audit.yml
+      - Cargo.toml
+      - Cargo.lock
+  schedule:
+    # At 06:20 UTC every day. Will create an issue if a CVE is found.
+    - cron: '20 6 * * *'
+  workflow_dispatch:
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # We don't need to check CVEs against the checked in lockfile,
+      # but only against the newest compatible dependencies.
+      # This avoids significant maintenance work that provide no benefits.
+      # We only need to make sure there is any compatible dependency without a known issue
+      - run: cargo update
+
+      - uses: actions-rust-lang/audit@160ac8b6edd32f74656cabba9d1de3fc8339f676 # v1.2
+        name: Audit Rust Dependencies
+        with:
+          denyWarnings: true
+          # Ignored audit issues. This list should be kept short, and effort should be
+          # put into removing items from the list.
+          ignore: