Allow configuring multiple-versions lint level on per-crate basis

[jplatte]

Is your feature request related to a problem? Please describe.

Sometimes, it is desireable to enforce certain (usually direct) dependencies are not in the dependency graph another time, while at the same time it is pretty much impossible to enforce that every crate is only present once in the depgraph.

Describe the solution you'd like

Allow banning multiple versions of specific crates (in addition to being able to set the lint level for any crate being in the depgraph multiple times).

[Jake-Shadle]

So you are wanting to opt in to detecting multiple versions of the same crate, rather than needing to mark one or more duplicates via the skip section?

Can you maybe give an anecdotal scenario or example configuration so I can understand what you want more clearly, because right now the change in my head would lead to either duplicates creeping in over time, or possibly needing to make multiple configuration changes for each duplicate crate.

[jplatte]

Yes. I think this can be useful when a certain dependency is rather heavy, for example tokio. You might not want to enforce "no duplicate crates" for the whole project since maintaining that with a large depgraph is a decent bit of extra work and having small dependencies duplicated doesn't usually hurt much (e.g. different versions of macro-rules crates like matches or pin-project-lite), but having multiple versions of one of those heavy dependencies is a problem and should be prevented.

[cgwalters]

Yep, I want this to deny having multiple versions of rustix, which is an important low-level crate and it is currently making semver-incompatible releases (unlike tokio which has been 1.0 for a while).

I may try implementing this if there's consensus. What should the syntax look like? Perhaps:

[[bans.deny]]
name = "rustix"
multiple-versions = "deny"