Package names can inject options into calls to Cargo commands

[PaulDance]

Description When a weird and probably unauthorized package name is used, it can change the behavior of the calls to Cargo command by having leading dashes for example.

Expected behavior Package names, as malformed as they are, should not be confused with internal CLI arguments, be passed onto the registry and let it be the judge of the validity.

To Reproduce Steps to reproduce the behavior:

1. Have a config file with the following:

   [packages]
   --help = "*"

2. Run cargo liner ship -vvv.
3. See error below.

Output

TRACE cargo_liner::cargo                     > Search for "--help" got: "Search packages in crates.io\n\nUsage: cargo search [OPTIONS] [query]...\n\nArguments:\n  [query]...  \n\nOptions:\n      --limit <LIMIT>        Limit the number of results (default: 10, max: 100)\n      --index <INDEX>        Registry index URL to upload the package to\n      --registry <REGISTRY>  Registry to use\n  -q, --quiet                Do not print cargo log messages\n  -v, --verbose...           Use verbose output (-vv very verbose/build.rs output)\n      --color <WHEN>         Coloring: auto, always, never\n      --config <KEY=VALUE>   Override a configuration value\n  -Z <FLAG>                  Unstable (nightly-only) flags to Cargo, see 'cargo -Z help' for details\n  -h, --help                 Print help\n\nManifest Options:\n      --frozen   Require Cargo.lock and cache are up to date\n      --locked   Require Cargo.lock is up to date\n      --offline  Run without accessing the network\n\nRun `cargo help search` for more detailed information.\n"
 ERROR cargo_liner                            > No regex capture while parsing search output for "--help".

Additional info This fails on cargo search, but the same will fail for cargo install. Options and arguments should be split using -- that cargo commands support.

[PaulDance]

Fix released as part of v0.4.2.