
rustsec: Fix git2 via cargo-edit-9 fork #831

Merged: Shnatsel merged 2 commits into rustsec:main from pinkforest:fix-dep-cargo-edit-9-fork on Mar 21, 2023

@pinkforest (Contributor) commented Mar 20, 2023

Fixes #830
Supersedes #801

packed_simd_2 is similar in how it's used. Can use this and gradually do something about it e.g. minify it for our purposes.

I've worked 0.9 with dependency bumps to: https://github.com/pinkforest/cargo-edit-9

crates-index also has to be bumped to 0.19 that picks up 0.16 git2

This was according to recommendation here:

@Shnatsel (Member) left a comment

Looks good to me, thanks for doing this!

I'd like to get an LGTM from @tarcieri as well before we ship this, but it does look like a good approach and it'd be nice to get this shipped ASAP.

@Shnatsel requested a review from tarcieri March 20, 2023 12:49

@Shnatsel (Member) commented

I'll go ahead and ship it.

@Shnatsel merged commit e50b7e6 into rustsec:main Mar 21, 2023

@tarcieri (Member) commented

It's fine, though I would like to finish getting the parts we need vendored, especially as they're useful for implementing other features

@pinkforest (Contributor Author) commented

There are other people who need this as well so I think keeping it as a crate but more for our purposes could work?

@tarcieri (Member) commented

We only need a small subset of the functionality, and it currently has a lot of hard dependencies which are unnecessary for our purposes, which is why fix is currently gated under a feature.

I have a WIP branch partly finished to extract the requisite functionality which also eliminates the need to feature-gate fix, which I think would make it a lot more discoverable.

There are also private APIs it would be nice to have visible within the rustsec crate itself.

@pinkforest (Contributor Author) commented Mar 21, 2023

yeah the deps are a lot, I thought about vendoring and thought it's a lot of work and thought you might have something in the oven so temporary stopgap then

What I meant more is that can we make it a separate crate so we can offer this to others w/o having to use rustsec?

Development

Successfully merging this pull request may close these issues.

Resolve CVE-2023-22742 stemming from git2 dependency.
