Cargo permissions to detect tampered dependecies

Some previous discussion of ideas along these lines:

I'm definitely a fan of this sort of idea. You can find my take on it here:

Also if you're interested in this sort of stuff, please check out the Rust Secure Code WG: