phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Lockfile generation in sandbox broken for `cargo` on macOS #1288

Closed maxrake closed 10 months ago

maxrake commented 10 months ago

Overview

Cargo lockfile generation with the Birdcage sandbox is broken for at least macOS.

How To Reproduce

# clone a rust library (no lockfiles, only manifests)
> git clone git@github.com:deepcausality-rs/deep_causality.git

# (go into that repo)

../deep_causality  9  19 on  main [?] via :crab: v1.73.0
❯ /Users/maxrake/dev/phylum/localdev/cli/target/debug/phylum --version
phylum v5.8.1-4-g732b0d3

../deep_causality  9  19 on  main [?] via :crab: v1.73.0
❯ type cargo
cargo is /Users/maxrake/.cargo/bin/cargo

../deep_causality  9  19 on  main [?] via :crab: v1.73.0
❯ /Users/maxrake/dev/phylum/localdev/cli/target/debug/phylum parse -t cargo ./Cargo.toml
Generating lockfile for manifest "Cargo.toml" using Cargo…
:exclamation: Error: could not parse lockfile: ./Cargo.toml

Caused by:
    0: Lockfile generation failed! For details, see: https://docs.phylum.io/docs/lockfile_generation
    1: package manager quit unexpectedly (code: Some(1)):

       error: command failed: 'cargo': Operation not permitted (os error 1)

../deep_causality  9  19 on  main [?] via :crab: v1.73.0
:x: 1 ❯ /Users/maxrake/dev/phylum/localdev/cli/target/debug/phylum parse -t cargo --skip-sandbox ./Cargo.toml
Generating lockfile for manifest "Cargo.toml" using Cargo…
[
  {
    "name": "adler",
    "version": "1.0.2",
    "type": "cargo",
    "lockfile": "Cargo.toml"
  },
  {
    "name": "ahash",
---TRIMMED---

Expected Behavior

Lockfile generation in a sandbox works for all supported lockfile generators and for all supported platforms.

Additional Context

It might be necessary to create a test suite that generates lockfiles with all supported lockfile generators and for all supported platforms. Perhaps the private isildurs_bane repo can be used for this. If so, it will need to be modified to include library directory examples where no lockfiles exist (only manifests).
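
Added example, not part of the original issue or the Phylum project's code: a sketch of the kind of check such a test suite could run. It uses only the `phylum parse -t <type>` and `--skip-sandbox` invocations shown above to tell a sandbox-only failure (the signature of this bug) apart from a generator that fails either way. `PHYLUM_BIN`, `check_manifest` and `run_matrix` are hypothetical names, and each manifest directory is assumed to contain no lockfile.

```shell
#!/bin/sh
# Added example. Classify lockfile generation for a manifest as:
#   ok            generation succeeds inside the sandbox
#   sandbox-only  fails sandboxed but succeeds with --skip-sandbox
#                 (the behaviour reported in this issue)
#   broken        fails both ways, so the sandbox is not the cause
# PHYLUM_BIN (assumption): absolute path to the phylum binary under test,
# or a name resolvable on PATH.
PHYLUM_BIN="${PHYLUM_BIN:-phylum}"

# check_manifest TYPE MANIFEST -> prints ok | sandbox-only | broken
check_manifest() {
    local type="$1" manifest="$2" dir file
    dir="$(dirname "$manifest")"
    file="$(basename "$manifest")"
    # Run from the manifest's directory, as in the reproduction steps.
    if (cd "$dir" && "$PHYLUM_BIN" parse -t "$type" "./$file" >/dev/null 2>&1); then
        echo ok
    # Control run: --skip-sandbox is used only to attribute the failure.
    elif (cd "$dir" && "$PHYLUM_BIN" parse -t "$type" --skip-sandbox "./$file" >/dev/null 2>&1); then
        echo sandbox-only
    else
        echo broken
    fi
}

# run_matrix reads "TYPE MANIFEST" pairs on stdin, prints one
# tab-separated "RESULT TYPE MANIFEST" line per pair, and returns
# non-zero if any pair is not "ok" so a CI job on each platform fails.
run_matrix() {
    local type manifest result failed=0
    while read -r type manifest; do
        [ -z "$type" ] && continue
        result="$(check_manifest "$type" "$manifest")"
        printf '%s\t%s\t%s\n' "$result" "$type" "$manifest"
        [ "$result" = ok ] || failed=1
    done
    return "$failed"
}

# Usage (path is illustrative):
#   printf 'cargo %s\n' "$PWD/deep_causality/Cargo.toml" | run_matrix
```

Running the same matrix on every supported platform turns a `sandbox-only` row into a failing job instead of a surprise in the field.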