EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀
http://embark.rs
Apache License 2.0

Treat `git` dependencies the same as `path` dependencies for `allow-wildcard-paths`. #599

Closed kpreid closed 8 months ago

kpreid commented 8 months ago

Fixes #488, making it possible to ban wildcards without also banning git-only dependencies.

This may not be a perfect fit for some use cases — arguably git dependencies are less implicitly-versioned than path dependencies since path dependencies are typically always the same revision of the same repo, but git dependencies might be cargo updated to totally different code. But I can't think of an alternative that's equal-or-better in correctness short of introducing even more configuration.

(I suspect that the whole idea of counting path-only or git-only deps as wildcard versions ever is wrong, because the Cargo documentation says that “…the version key always implies that the package is available in a registry. version, git, and path keys are considered separate locations for resolving the dependency” — which implies that a dep without version is different from a dep with a wildcard version. However, figuring out Cargo's behavior there and how cargo-deny should treat it feels like a rabbit hole I don't want to go down just to fix #488. I left a TODO comment suggesting further consideration.)
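As an added illustration of the setting this PR touches (not a file from the PR or from the cargo-deny project), the `[bans]` section below uses the real `wildcards` and `allow-wildcard-paths` keys; the crate name, path and git URL are constructed placeholders:

```toml
# deny.toml (constructed example, not from the project)
[bans]
# Reject `foo = "*"` style version requirements.
wildcards = "deny"
# A dependency with no `version` and only a `path` is reported by cargo
# as a `*` requirement; this flag exempts such path-only dependencies.
# With this PR, a `git`-only dependency gets the same exemption.
allow-wildcard-paths = true

# --- Cargo.toml of a workspace member (constructed example) ---
[dependencies]
# Exempt before this PR: path-only, no `version` key.
local-helper = { path = "../local-helper" }
# Flagged as a wildcard before this PR, exempt after it: git-only, no `version` key.
git-helper = { git = "https://example.invalid/org/git-helper", rev = "PLACEHOLDER_REV" }
```

Keeping `wildcards = "deny"` still rejects an explicit `foo = "*"` for a registry crate; the exemption only covers dependencies whose location is a `path` or, with this change, a `git` source rather than a registry `version`.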