use crate2nix for some of our rust crates

[flokli]

The current workflow for building rust crates is error-prone. It uses FOD, which can break in very subtle ways, and it's only visible when you either want to update the package, or some FOD got GC'ed from your store (or binary cache).

crate2nix allows a better workflow: given a source containing Cargo.toml and Cargo.lock, it can produce a Cargo.nix file (and crate-hashes.json), which will create per-crate-granularity nix derivation, allowing faster rebuilds of partial updates, as well as less flakyness when it comes to FODs.

cryptobox required some hacks, as cabal (or our custom plumbing of calling cabal2Nix) expects a single output. I tried to work my way around this with emitting a pkg-config file, but couldn't get it to work, so now emit a single-output derivation (but the underlying build still uses crate2nix).

libzauth-c didn't build at all, it failed with [this errorI(https://stackoverflow.com/questions/73273886/why-do-i-get-prehashsignature-is-not-implemented-for-signature-error-when-usin). Instead of trying to push down certain feature flags, I tried bumping our jwt-simple pin to the most recent commit on this branch (we should be having multiple versions of this in flight anyways), and it built. 🎉

mls-test-cli doesn't work with crate2nix yet, due to a transitive build dependency being too crazy about #cfg usage in its Cargo.toml - I opened an upstream issue for that. Added a comment linking to the issue there.

For rusty_jwt_tools, I can't even create a Cargo.nix. It seems like the workaround in wireapp/rusty-jwt-tools#54 (comment) is not sufficient for this mode of operation. We should really get a Cargo.lock file into the project root. Added a comment there, too.

Checklist

• Add a new entry in an appropriate subdirectory of changelog.d
• Read and follow the PR guidelines

[MangoIV]

looks good to me :)