Capture data only available during the build process

[Shnatsel]

There is a certain amount of data that is only available during or after the actual build, such as a hash of the resulting binary, the RUSTFLAGS used (not just from the environment variable but also from the Cargo configuration), etc.

There are two ways to implement it:

1. Hook into the build process, similar to how https://github.com/rust-secure-code/cargo-auditable works
2. The hypothetical "build info" file that's being discussed by the Cargo team could be used to achieve this.

[Shnatsel]

cargo build -Z unstable-options --build-plan might also help. I have not investigated it in detail. It will be still missing the hash of the final binary, etc.

[lfrancke]

There is a ticket to maybe delete build-plan support so I would not recommend relying on it.

In any case it is the plan on what will run not what did run.
The idea of @epage @arlosi was to introduce a machine readable file ("build info") that records everything that actually was built (and how).

There is no tracking issue for this yet but I hope that we'll have something soon.

[Shnatsel]

The build-info pre-RFC can be found here: https://internals.rust-lang.org/t/pre-rfc-cargo-sbom/19842