Add new command to trace build deps and files

[pombredanne]

It would be awesome to be able to trace which files and dependencies are either:

• used during the build
• effectively included in the built, installable files

This would be an excellent input to further usage downstream such as:

• understanding the license and origin of the redistributed files bundled in the binaries (and generate better Debian copyright files)
• looking up dependencies vulnerabilities if any
• generate inventories and SBOMs

The collection of used files could be done with strace and https://github.com/nexB/tracecode-toolkit-strace

The collection of dependencies could be done with a mix of parsing manifests and lockfiles (See scancode-toolkit for this) or issuing the build commands that can create this data otherwise. See https://github.com/nexB/dependency-inspector/issues/2 for some ideas.

[pombredanne]

@jelmer tell me if this is something that you see fitting here or not.

[jelmer]

Yep, that makes sense.