Conversation

Copilot AI commented Jun 16, 2025

This PR implements a new converter for cargo-deny that converts its JSON output to SARIF format, addressing the feature request for cargo-deny support.

Changes

  • New deny-sarif binary crate following the established patterns of existing converters
  • SARIF converter module in serde-sarif that parses cargo-deny JSONL output
  • Comprehensive test suite including integration tests with sarif-fmt
  • Full documentation with usage examples and GitHub Actions integration

Implementation Details

The converter supports all major cargo-deny diagnostic types:

  • Bans: Explicitly banned dependencies
  • Advisories: Security vulnerabilities (with RustSec URLs)
  • Licenses: License compatibility issues
  • Sources: Dependency source problems

Key features:

  • Parses JSONL format from cargo deny --format json check
  • Maps severity levels appropriately (error, warning, note)
  • Generates proper SARIF location information pointing to Cargo.toml
  • Includes help URLs for advisories and general cargo-deny documentation
  • Enhances messages with package name and version information

Usage

# Basic usage
cargo deny --format json check | deny-sarif

# With file output
cargo deny --format json check | deny-sarif > results.sarif

# Pretty print with sarif-fmt
cargo deny --format json check | deny-sarif | sarif-fmt

Example Output

warning: Package in deny list (package: tokio 1.0.0)
  ┌─ Cargo.toml:1:1
  │
1 │ [workspace]
  │ ^^^^^^^^^^^
  │
  = Package in deny list

error: Potential security vulnerability (package: vulnerable-package 0.1.0)
  ┌─ Cargo.toml:1:1
  │
1 │ [workspace]
  │ ^^^^^^^^^^^
  │
  = Memory safety vulnerability

The implementation follows the same architecture as existing converters like hadolint-sarif and clippy-sarif, ensuring consistency with the project's design patterns.

Fixes #643.



Co-authored-by: psastras <857105+psastras@users.noreply.github.com>
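An added example, not code from this PR or from the serde-sarif/deny-sarif crates: a minimal Python sketch of the JSONL-to-SARIF mapping the description lists (severity levels, a Cargo.toml location, RustSec help URLs for advisories, package name and version appended to the message). The record shape, the `package` and `advisory` field names and the sample lines are constructed assumptions, not cargo-deny's real output schema.

```python
import json

# cargo-deny severities -> SARIF result levels; anything unknown falls back to "warning".
LEVELS = {"error": "error", "warning": "warning", "note": "note", "help": "note"}
RUSTSEC = "https://rustsec.org/advisories/"                # per-advisory help pages
DENY_DOCS = "https://embarkstudios.github.io/cargo-deny/"  # general fallback help URL

def deny_jsonl_to_sarif(jsonl_text):
    """Convert cargo-deny-style JSONL (one JSON object per line) into a SARIF 2.1.0 log dict."""
    results, rules = [], {}
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("type") != "diagnostic":  # skip non-diagnostic records such as summaries
            continue
        f = record["fields"]
        code = f.get("code", "unknown")
        advisory = f.get("advisory")             # assumed field: RUSTSEC id for advisory checks
        rules.setdefault(code, {"id": code,
            "helpUri": f"{RUSTSEC}{advisory}.html" if advisory else DENY_DOCS})
        text = f.get("message", "")
        pkg = f.get("package")                   # assumed field: {"name": ..., "version": ...}
        if pkg:
            text = f"{text} (package: {pkg['name']} {pkg['version']})"
        results.append({
            "ruleId": code,
            "level": LEVELS.get(f.get("severity"), "warning"),
            "message": {"text": text},
            # cargo-deny findings are manifest-level, so point every result at Cargo.toml line 1.
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "Cargo.toml"},
                "region": {"startLine": 1, "startColumn": 1}}}],
        })
    return {
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "cargo-deny", "rules": list(rules.values())}},
                  "results": results}],
    }

# Constructed sample input (not real cargo-deny output; the advisory id is a placeholder).
SAMPLE_JSONL = "\n".join([
    json.dumps({"type": "diagnostic", "fields": {"code": "banned", "severity": "warning",
        "message": "Package in deny list", "package": {"name": "tokio", "version": "1.0.0"}}}),
    json.dumps({"type": "diagnostic", "fields": {"code": "vulnerability", "severity": "error",
        "message": "Memory safety vulnerability", "advisory": "RUSTSEC-0000-0000",
        "package": {"name": "vulnerable-package", "version": "0.1.0"}}}),
    json.dumps({"type": "summary", "fields": {"advisories": {"errors": 1}}}),
])
```

Piping the returned dict through `json.dumps` gives a file that `sarif-fmt` can render like the example output above.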
Copilot AI changed the title [WIP] feature request: converter for cargo-deny feat: Add deny-sarif converter for cargo-deny output Jun 16, 2025
Copilot AI requested a review from psastras June 16, 2025 00:26
Copilot finished work on behalf of psastras June 16, 2025 00:26
@psastras
Owner

@copilot fix the ci failure looks like a lint error


Copilot AI commented Jun 16, 2025

@copilot fix the ci failure looks like a lint error

Fixed the lint error - it was a clippy warning about useless use of format! in the deny converter. Also updated the CI configuration to include deny-sarif in the build matrix. Changes committed in 693d1ef.

Copilot finished work on behalf of psastras June 16, 2025 23:13
Successfully merging this pull request may close these issues.

feature request: converter for cargo-deny