Generate Cargo.lock before call cargo audit

Starting from v0.18.0, cargo-audit hangs indefinitely if Cargo.lock
does not exist. We discovered this while upgrading the container
from v26 to v28 [1], which among other things updated cargo-audit.

For the binary crates this should not be a problem, since they have
Cargo.lock committed, but for many libraries this may not be true.

If Cargo.lock is not there, we are generating one with the latest
available versions, which may not be very significant. For this and
other reasons it's now suggested that libraries also have a
Cargo.lock [2] committed (thanks Manos for pointing this out).

Note: `cargo generate-lockfile` updates Cargo.lock if it's already
there, but we don't want it, that's why we have the guard.

[1] #138
[2] https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control

Suggested-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Suggested-by: Patrick Roy <roypat@amazon.co.uk>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>

.buildkite/test_description.json

@@ -71,7 +71,7 @@
     },
     {
       "test_name": "cargo-audit",
-      "command": "cargo audit -q --deny warnings",
+      "command": "[ -e Cargo.lock ] || cargo generate-lockfile; cargo audit -q --deny warnings",
       "platform": [
         "x86_64"
       ]