ci: audit and udeps

[milancermak]

Adds two new CI Actions, as discussed in #4:

1. Security audit check via the audit-check action. It is set up to run periodically once a day (as opposed to it being triggered by a push to master on on a PR) because of a limitation that the action can't be triggered if the PR is coming from a fork. I figure it's fine this way because of the release process.

2. Unused dependencies via cargo-udeps. There's no GH Action wrapper for the tool, so I just built it using action-rs/toolchain, similar to the test workflow. It runs on nightly.

I had a look at cargo-deny as mentioned in #4, but I don't think it's necessary.

[xJonathanLEI]

@milancermak Seems to be an issue with YAML format. Try formatting with prettier --write .?

[xJonathanLEI]

It's the audit.yml file:

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index b029e05..ce4e7e9 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -1,7 +1,7 @@
 on:
   schedule:
     # 2:20 past midnight UTC
-    - cron: '20 2 * * *'
+    - cron: "20 2 * * *"

 name: Security audit
 jobs:

[milancermak]

Yeah, saw that, fixed now.

Also the udeps is taking way too long, gonna tweak the cache settings so it's faster.

[xJonathanLEI]

Yeah installing udeps itself takes really long lol. Not a huge deal though considering GitHub Actions is free for open-source projects (as far as I remember).

[xJonathanLEI]

Oops. It seems serde_json is only used in tests in starknet-core. We need to move it to [dev-dependencies].

[xJonathanLEI]

LGTM