cargo-bitbake: Add an option to trust lockfiles

[BKDaugherty]

Description

When using Cargo Bitbake in combination with lockfiles, I was a little surprised that cargo-bitbake didn't just read from the lockfile directly as that has the resolution information I'd like to use.

--require-lockfile can now be used to blindly trust an existing lockfile without performing resolution. This is done so that users can avoid performing resolution if they already have a lockfile checked in.

I could see a fair argument here that the right way of doing this is likely staying more similar to the rest of the family of cargo tools, and accepting something like a --locked and --offline flag, and if we attempt to access the network or modify the Lockfile while performing resolution, we panic.

That being said, this was the easiest thing for my company to do without thinking about it too much, so we went with this 🤷 . Would love to discuss how cargo bitbake is intended to interact with lockfiles in the ecosystem as a whole if anyone has ideas!

Caveat: this won't work with workspaces / virtual manifests correctly, but this tool doesn't seem to handle them, so I don't think this is really a regression.

Test Plan

I tested this by running it on all of my companies recipes, but can do some more testing / testing in a public way if desired!