Solve CI warnings replacing outdated actions

[andros21]

Issue #, if available

Try to remove noisy warnings inside github actions

Description of changes

Principally by bumping to new tag version (e.g.
action/checkout). But for unmaintained actions the swap
with a fork or something similar, is the only solution:

• action-rs/toolchain -> dtolnay/rust-toolchain
• action-rs/audit-check -> rustsec/audit-check

Two consequences of using dtolnay/rust-toolchain are:

• no more needed CARGO_TERM_COLOR=always already set by
  the action
• use directly cargo commands in run steps

I also change deprecated ::set-output commands

A question to complete the PR:
How about actions-rs/tarpauli step? It was responsible for
the failure of general "Rust" workflow before the fork. It's
also unmaintained as all action-rs/*. A possible
replacement can be found, but I don't understand if it's still
used or not

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[LukeMathWalker]

Thanks for this, much appreciated!

I'd like to keep (and fix) the tarpaulin job. You can probably use this as a reference implementation.

[andros21]

I've pushed a proposal for fix it, using taiki-e/install-action to install tarpaulin from github-releases of the author, avoiding crate build

Let me know if there is something more I can do here.
Partly related:

1. to keep actions updated, how about enabling something like dependabot?
2. can be advisable to set explicitly permissions related to GITHUB_TOKEN,
   for example in "Publish binaries" permissions: {contents: write}

If appreciated I can make these changes in a separate PR

[LukeMathWalker]

I'd definitely be open to both changes.
On dependabot: I'd prefer a configuration that doesn't raise PRs unless there is a semver-breaking version bump.