Pre-RFC: Track resource effects

Oh wow. Thank you for your fast and very helpful answers.

First: The list by bjorn3 and crate by CAD97 showed me that I used the wrong term for searching. Capabilities is a better one.

Second: It seems I was not very clear and precise in my description. I do not want to create any sandbox or any runtime security. It was only meant as a helper tool for developers to find unexpected behaviour (unexpected in terms of: you would not think that your logging tool connects to any network resource on purpose). It should not handle any malicious code or anything. Also it should not be used as a last line of defense. Only a helper tool to get insights into the dependencies used by your code. Of course sometimes there will be hard-to-catch edge cases, where such a code analyzer cannot get any helpful information. But for me it would be sufficient if it prints which std functions are called by dependencies, like it was described here: Crate capability lists - #3 by elszben

I simply want a quick (and automatic) way to describe what a crate is doing at the high level. If it is not using any library (nothing from std) and not using unsafe blocks then I am sure that it will not steal my data or put evil stuff on my disk. If it is using std::fs:: or std::net then I am a little more sceptical. If it is using unsafe and calling C functions then all bets are off. I really need to check the code in that case (or delegate the audit to someone else).

If I write a simple CLI app, which takes stdin and puts it on stdout, then I am sceptical when a code analyzer can show me that there is a network resource in use in any function.

But you gave me a lot to read and I will investigate it further. Thank you. And if you have any further input, I am pleased to read it.

5 Likes
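A toy version of the helper described in this thread, as an added example that is not code from the thread or from any existing crate: it scans Rust source text for `std::fs`, `std::net`, `std::process` and `std::env` paths, `unsafe` blocks and `extern "C"` declarations, and reports a capability summary. It is a heuristic string scan with no real parser, so braced imports such as `use std::{fs, net}` and paths inside string literals are not handled; the sample sources are constructed.

```rust
use std::collections::BTreeSet;

/// Path prefixes this toy scanner treats as capability-bearing, with a label.
const WATCHED_PATHS: &[(&str, &str)] = &[
    ("std::fs", "filesystem"),
    ("std::net", "network"),
    ("std::process", "process"),
    ("std::env", "environment"),
];

/// Return the set of capability labels the source text appears to use.
/// Heuristic: tokenizes on anything that is not part of a `path::like::this`
/// and matches tokens against WATCHED_PATHS; line comments are ignored.
pub fn scan_capabilities(src: &str) -> BTreeSet<&'static str> {
    let mut caps = BTreeSet::new();
    // Drop `// ...` line comments so commented-out code is not counted.
    let code: String = src
        .lines()
        .map(|l| l.split("//").next().unwrap_or(""))
        .collect::<Vec<_>>()
        .join("\n");
    // `extern "C"` blocks mean FFI: from the thread's view, "all bets are off".
    if code.contains("extern \"C\"") {
        caps.insert("ffi");
    }
    for tok in code.split(|c: char| !(c.is_alphanumeric() || c == '_' || c == ':')) {
        if tok == "unsafe" {
            caps.insert("unsafe");
        }
        for (path, label) in WATCHED_PATHS {
            // Match `std::fs` exactly (as in a `use`) or as a prefix `std::fs::...`.
            if tok == *path || tok.starts_with(&format!("{}::", path)) {
                caps.insert(*label);
            }
        }
    }
    caps
}

fn main() {
    // Constructed sample: a "logger" that only touches the filesystem.
    let logger = "use std::fs::OpenOptions;\n\
                  fn log(m: &str) { let _ = OpenOptions::new().append(true).open(\"app.log\"); }\n\
                  // std::net::TcpStream mentioned only in a comment\n";
    println!("logger capabilities: {:?}", scan_capabilities(logger));
}
```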