"Lockdown" mode, maximally restrivtive of changes to dependancies.

[nuke-web3]

Is your feature request related to a problem? Please describe.

I would like to lockdown a crate so that effectively all changes to Cargo.toml are denied:

• no new deps
• no changed versions
• no feature changes
• ect.

Describe the solution you'd like

Some config option(s) that act as wildcards to provide this "lockdown" mode in the canonical examples and/or docs. That is assuming others would find something close to this behavior of use.

Describe alternatives you've considered

Experimenting with configs to see if I can manage the behavior myself 😅 figured I would ask here first, maybe what I want is just a link to some doc I missed away 🤞

Additional context

My use case is to leverage cargo deny in the context of crates used in coursework that is automatically graded and we want to ensure that:

• Students will be warned locally (running cargo deny and/or tests) if they are changing anything as we require they do not use anything but provided crates, versions and features.
• Automated grading is processed by a github workflow, and we want to check they complied and stop the grading before any other work or time is spent on the job if they did not.

[Jake-Shadle]

I am not sure that this makes sense for cargo-deny. It is an extremely specific case that seems like it would be easier to verify by using --locked and validating the Cargo.lock has not been modified by using a SHA-256 or something in your automated process.