chore(ci): run cargo-deny to check licenses and sources

.dockerignore

@@ -12,3 +12,4 @@
 Dockerfile
 LICENSE*
 rustfmt.toml
+deny.toml

.github/workflows/ci.yml

@@ -159,6 +159,11 @@ jobs:
           command: clippy
           args: -- -D warnings
 
+      - name: Run cargo-deny
+        uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check licenses sources
+
   audit:
     name: Audit
     runs-on: ubuntu-latest

deny.toml

@@ -0,0 +1,17 @@
+[licenses]
+default = "deny"
+unlicensed = "deny"
+copyleft = "deny"
+confidence-threshold = 0.8
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "BSL-1.0",
+    "MPL-2.0",
+    "ISC"
+]
+
+[sources]
+unknown-registry = "deny"
+unknown-git = "warn"
+allow-registry = ["https://github.com/rust-lang/crates.io-index"]