docs/inventory-sources.md lists Cargo (Rust) under "Not currently covered". Adding it would close a visible gap: the bundled threat_intel/trapdoor-crypto-stealer/ catalog already names Cargo packages, but Bumblebee has no way to match them on disk. A baseline scan of a Rust-heavy developer machine currently reports zero crate packages.
Relevant on-disk surfaces (no cargo subprocess needed):
~/.cargo/.crates2.json — JSON record of every binary installed via cargo install; highest-confidence baseline source.
Cargo.lock — TOML lockfile with [[package]] blocks (name, version, source, checksum).
~/.cargo/registry/{cache,src}/... — lower-confidence "was fetched" signal, probably deep profile only.
~/.cargo is already discovered as a user_package_root (confirmed against v0.1.1), so the change is mostly a new internal/ecosystem/cargo/ reader plus a scanner dispatch.
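A sketch of a reader for the first surface, ~/.cargo/.crates2.json, added here as an example; it is not Bumblebee code or part of the proposal. The names Crate, parseCrates2 and sample are hypothetical and the sample input is constructed. Each key under "installs" is a Cargo package ID of the form "name version (source)".

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Crate is one `cargo install` record (hypothetical type, not Bumblebee's).
type Crate struct {
	Name, Version, Source string
	Bins                  []string
}

// parseCrates2 decodes the contents of ~/.cargo/.crates2.json. Each key of
// "installs" is a package ID of the form "name version (source)".
func parseCrates2(data []byte) ([]Crate, error) {
	var doc struct {
		Installs map[string]struct {
			Bins []string `json:"bins"`
		} `json:"installs"`
	}
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("crates2: %w", err)
	}
	out := make([]Crate, 0, len(doc.Installs))
	for id, info := range doc.Installs {
		f := strings.SplitN(id, " ", 3)
		if len(f) != 3 || !strings.HasPrefix(f[2], "(") || !strings.HasSuffix(f[2], ")") {
			continue // malformed key: skip rather than guess at a name
		}
		out = append(out, Crate{f[0], f[1], f[2][1 : len(f[2])-1], info.Bins})
	}
	// Map iteration order is random; sort so scan output is stable.
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out, nil
}

// sample is constructed for this example, not taken from a real machine.
const sample = `{"installs":{
 "ripgrep 14.1.0 (registry+https://github.com/rust-lang/crates.io-index)":{"bins":["rg"]},
 "mytool 0.1.0 (path+file:///home/dev/mytool)":{"bins":["mytool"]},
 "broken-key":{"bins":[]}}}`

func main() {
	crates, err := parseCrates2([]byte(sample))
	fmt.Println(crates, err)
}
```

Keeping the source string lets a matcher tell a crates.io install from a path or git install that happens to share a name with a catalog entry.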