Consider giving detail about diff audit suggestions based on imports/wildcards/trusted entries #532

Open
afranchuk opened this issue Aug 2, 2023 · 1 comment

Comments

afranchuk (Collaborator) commented Aug 2, 2023

When adding new crates, cargo vet check (and probably cargo vet suggest) will find a path-of-least-effort to get the new crates certified. This can result in some slightly confusing suggestions since these commands look at all imports as well. It'd be nice if, when a cargo vet diff is suggested which is based on something other than a local audit, the certification reason for the base of the diff is displayed.

For example:

recommended audits for safe-to-deploy:
    Command                                           Publisher    Used By                                   Audit Size
    cargo vet diff webpki-roots 0.23.0 0.23.1         ctz          hyper-rustls                              4 files changed, 81 insertions(+), 5 deletions(-)
      NOTE: webpki-roots 0.23.0 is certified by imported audits from `bytecode-alliance`

While this might result in a bit more noise in the output, as an auditor it feels much better to have the full picture of the chain of audits and why a particular command is suggested. For consistency, it might also be a good idea to include the note for diffs from local audits, something like NOTE: webpki-roots 0.23.0 is certified by audits in the local supply chain.
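To make the "path of least effort" and the proposed NOTE line concrete, here is an added example that is not cargo vet's own code and not part of the issue or its comments. It models a single crate's audit graph (full audits as roots, delta audits as edges, each tagged with where it came from: local, imported from a peer, a trusted entry, or a wildcard), computes which versions are certified, picks the certified base with the smallest diff to the target, and renders the suggestion together with the reason the base is certified. The `Source` categories, the `Audit`/`DiffSize` types, the audit entries and the line counts are all constructed for illustration; cargo vet's real data model and diff sizing differ.

```rust
use std::collections::{HashMap, VecDeque};

/// Where a certification came from. Illustrative categories, not cargo vet's own types.
#[derive(Clone, Debug, PartialEq, Eq)]
pub enum Source {
    Local,
    Imported(String),
    Trusted(String),
    Wildcard(String),
}

impl Source {
    /// Reason text for a NOTE line in the style proposed in the issue.
    pub fn describe(&self) -> String {
        match self {
            Source::Local => "audits in the local supply chain".to_string(),
            Source::Imported(peer) => format!("imported audits from `{}`", peer),
            Source::Trusted(publisher) => format!("a trusted entry for publisher `{}`", publisher),
            Source::Wildcard(publisher) => format!("a wildcard audit for publisher `{}`", publisher),
        }
    }
}

/// One audit entry for a single crate: a full audit of `version` when `from` is None,
/// otherwise a delta audit `from -> version`.
#[derive(Clone, Debug)]
pub struct Audit {
    pub from: Option<String>,
    pub version: String,
    pub source: Source,
}

impl Audit {
    pub fn full(version: &str, source: Source) -> Self {
        Audit { from: None, version: version.to_string(), source }
    }
    pub fn delta(from: &str, version: &str, source: Source) -> Self {
        Audit { from: Some(from.to_string()), version: version.to_string(), source }
    }
}

/// Size of the diff between two versions (constructed numbers; cargo vet measures real ones).
pub struct DiffSize {
    pub from: String,
    pub to: String,
    pub lines_changed: usize,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Suggestion {
    /// Already certified: nothing to run.
    Certified,
    /// Run `cargo vet diff <crate> <from> <to>`; `base_source` is why `from` is certified.
    Diff { from: String, to: String, base_source: Source },
    /// No certified base to diff against: a full inspection is needed.
    Inspect,
}

/// Every version certified by `audits`, mapped to the source of the audit that certifies it.
/// Full audits are the roots; delta audits extend certification one edge at a time
/// (breadth-first, so the first chain to reach a version wins).
pub fn certified_versions(audits: &[Audit]) -> HashMap<String, Source> {
    let mut certified = HashMap::new();
    let mut queue = VecDeque::new();
    for a in audits.iter().filter(|a| a.from.is_none()) {
        if !certified.contains_key(&a.version) {
            certified.insert(a.version.clone(), a.source.clone());
            queue.push_back(a.version.clone());
        }
    }
    while let Some(base) = queue.pop_front() {
        for a in audits.iter().filter(|a| a.from.as_deref() == Some(base.as_str())) {
            if !certified.contains_key(&a.version) {
                certified.insert(a.version.clone(), a.source.clone());
                queue.push_back(a.version.clone());
            }
        }
    }
    certified
}

/// Path of least effort: the certified base whose diff to `target` is smallest.
pub fn suggest(target: &str, audits: &[Audit], sizes: &[DiffSize]) -> Suggestion {
    let certified = certified_versions(audits);
    if certified.contains_key(target) {
        return Suggestion::Certified;
    }
    let best = sizes
        .iter()
        .filter(|d| d.to == target)
        .filter_map(|d| certified.get(&d.from).map(|src| (d, src)))
        .min_by_key(|(d, _)| (d.lines_changed, d.from.clone()));
    match best {
        Some((d, src)) => Suggestion::Diff {
            from: d.from.clone(),
            to: target.to_string(),
            base_source: src.clone(),
        },
        None => Suggestion::Inspect,
    }
}

/// Render the command plus the NOTE explaining why the base of the diff is certified.
pub fn render(krate: &str, suggestion: &Suggestion) -> String {
    match suggestion {
        Suggestion::Certified => format!("{} is already certified", krate),
        Suggestion::Inspect => format!("cargo vet inspect {}", krate),
        Suggestion::Diff { from, to, base_source } => format!(
            "cargo vet diff {} {} {}\n  NOTE: {} {} is certified by {}",
            krate, from, to, krate, from, base_source.describe()
        ),
    }
}

fn main() {
    // Constructed audit set: a local chain 0.22.0 -> 0.22.6 and an imported full audit of 0.23.0.
    let audits = vec![
        Audit::full("0.22.0", Source::Local),
        Audit::delta("0.22.0", "0.22.6", Source::Local),
        Audit::full("0.23.0", Source::Imported("bytecode-alliance".into())),
    ];
    let sizes = vec![
        DiffSize { from: "0.22.6".into(), to: "0.23.1".into(), lines_changed: 400 },
        DiffSize { from: "0.23.0".into(), to: "0.23.1".into(), lines_changed: 86 },
    ];
    println!("{}", render("webpki-roots", &suggest("0.23.1", &audits, &sizes)));
}
```

The planner picks 0.23.0 as the base purely because its diff is smaller, which is exactly the situation the issue describes: without the NOTE, an auditor sees a diff against a version they never audited locally and has to work out why that base counts as certified.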

bholley (Collaborator) commented Aug 2, 2023

This seems like a nice feature!
