EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀
http://embark.rs
Apache License 2.0

Bug: unused workspace dependency check breaks when replacing crates-io with a mirror #694

Open gillyobeast opened 2 months ago

gillyobeast commented 2 months ago

Describe the bug

the new workspace-dependency.unused setting reports false positives when you proxy crates.io via another cargo repository.

i found this running against an internal artifactory mirror of crates.io, which for obvious reasons i can't use for a reproduction, but using a random (out of date) mirror i found on the web also reproduces it.

minimal repro repo available here

To reproduce

1. check out minimal repro repo above, OR add the following to .cargo/config.toml in the root of a cargo project:

   ```toml
   [source.mirror]
   registry = "https://github.com/hotg-ai/crates.io-index"

   [source.crates-io]
   # comment out below line (stop proxying crates.io via mirror) to fix issue
   replace-with = "mirror"
   ```

2. run `cargo deny check bans`
3. should get the following output:

   ```
   ❯ cargo deny check bans
   error[unused-workspace-dependency]: workspace dependency is declared, but unused
      ┌─ /Users/lake.armitage/personal/workspace-lint-false-positive-repro/Cargo.toml:12:1
      │
   12 │ wiremock = "0.5"
      │ ━━━━━━━━ unused workspace dependency

   bans FAILED
   ```

despite the `wiremock` workspace dependency being used in `bin/foo-lib/Cargo.toml`

commenting out the `replace-with` line in the config.toml resolves the issue.

### cargo-deny version

cargo-deny 0.16.1

### What OS were you running cargo-deny on?

MacOS

### Additional context

_No response_

gillyobeast commented 2 months ago

i think it's something to do with how the code compares the url for the crate against the expected url for crates.io, here: https://github.com/EmbarkStudios/cargo-deny/blob/5da8b8565620c0987d6baa4345fa4d033b5e7819/src/diag/krate_spans.rs#L807-L817