Report unsoundness in cve-rs, totally-safe-transmute and totally-safe

[Nugine]

We are using cargo audit -D warnings to avoid problematic dependencies.

To prevent anyone from using these crates in the dependency tree (accidentally?), I think it is meaningful to include them in advisories.

• https://github.com/meithecatte/fake-static (RUSTSEC-2020-0013)
• https://github.com/Speykious/cve-rs
• https://github.com/ben0x539/totally-safe-transmute
• https://github.com/viktorlott/totally-safe

Reverse dependencies

• https://crates.io/crates/cve-rs/reverse_dependencies (0 dependents)
• https://crates.io/crates/totally-safe-transmute/reverse_dependencies (1 dependent)
• https://crates.io/crates/totally-safe/reverse_dependencies (0 dependents)

resolves #826

[tarcieri]

See previous discussion on #826

[Nugine]

The three crates are intentional exploits of rustc soundness bugs, like fake-static, which has been flagged in #207 and #270 previously. I personally recommend including them as informational = "unsound".
If RustSec cannot make a decision yet, I'm Ok to leave this PR open and wait.

[kornelski]

These crates may be a joke, but the APIs are unsound for real. I expect cargo audit is used in projects where ending up with any of them as a dependency isn't funny. I would prefer to have them flagged.