@sivizius sivizius commented Dec 5, 2025

Cargo expects the file path to be absolute. However, symbolic links are allowed. It’s thus enough to call https://doc.rust-lang.org/std/path/fn.absolute.html instead of https://doc.rust-lang.org/std/path/struct.Path.html#method.canonicalize.

We have a large workspace with various crates and are using Nix/crane to build various binaries. To avoid rebuilding all components when unrelated code of a crate was altered, we want to graft a directory with symbolic links to generated workspace members (dummies, library-only, binary-only, library-with-tests, full, …). These directories are read-only.

  1. By using canonicalize, cargo cyclonedx tries to find the Cargo.lock in /nix/store/ instead of /build/, where the generated Cargo.toml is located.
  2. Even if the links point to /nix/store/<hash>-source/<member>/, with a lock file in /nix/store/<hash>-source/, running cargo cyclonedx fails because it tries to output the SBOM to e.g. /nix/store/<hash>-source/<member>/….cdx.json, which is a read-only directory.

This works just fine for cargo build, etc., just not for cargo cyclonedx.

If this PR is a breaking change because resolving symbolic links is expected now, perhaps some CLI flags should be implemented:

  • to enable/disable symlink resolution,
  • to specify the output directory (--output-dir, see e.g. cargo tarpaulin),
  • to specify the path to Cargo.lock (--lockfile-path, see e.g. cargo build),

However, I doubt resolving symbolic links is expected, as this differs from the behaviour of default cargo tools. On the other side: Even with my proposed change, these CLI options might be useful.

@sivizius sivizius requested a review from a team as a code owner December 5, 2025 16:46
@sivizius sivizius force-pushed the absolute-without-resolving-symlinks branch from 5cf6f40 to 18bcda0 Compare December 5, 2025 17:26
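Added example, not part of the pull request or the cargo-cyclonedx code base: a Unix-only Rust program showing how `std::path::absolute` and `std::fs::canonicalize` differ on a manifest reached through a symlinked member directory. The `store` and `build` directories are constructed stand-ins for `/nix/store/<hash>-source/` and `/build/`; the helper names are hypothetical.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::symlink;
use std::path::{self, Path, PathBuf};

/// Builds a constructed layout mimicking the PR description:
///   <root>/store/member/Cargo.toml  (stand-in for the read-only store source)
///   <root>/build/member             (symlink to <root>/store/member)
/// Returns (manifest path via the symlink, manifest path in the store).
fn make_layout(root: &Path) -> io::Result<(PathBuf, PathBuf)> {
    let store_member = root.join("store").join("member");
    let build = root.join("build");
    fs::create_dir_all(&store_member)?;
    fs::create_dir_all(&build)?;
    fs::write(store_member.join("Cargo.toml"), "[package]\nname = \"member\"\n")?;
    let link = build.join("member");
    symlink(&store_member, &link)?;
    Ok((link.join("Cargo.toml"), store_member.join("Cargo.toml")))
}

/// Resolves `manifest` both ways: (path::absolute, fs::canonicalize).
fn resolve_both(manifest: &Path) -> io::Result<(PathBuf, PathBuf)> {
    Ok((path::absolute(manifest)?, fs::canonicalize(manifest)?))
}

/// Runs the comparison in a scratch directory and cleans up afterwards.
fn demo() -> io::Result<(PathBuf, PathBuf, PathBuf, PathBuf)> {
    let root = std::env::temp_dir().join(format!("abs-vs-canon-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(&root)?;
    // Canonicalize the scratch root itself so the comparisons below are exact
    // even when the temp dir is reached through a symlink.
    let root = fs::canonicalize(&root)?;
    let (via_link, real) = make_layout(&root)?;
    let (abs, canon) = resolve_both(&via_link)?;
    fs::remove_dir_all(&root)?;
    Ok((via_link, real, abs, canon))
}

fn main() -> io::Result<()> {
    let (via_link, real, abs, canon) = demo()?;
    println!("input:        {}", via_link.display());
    println!("absolute:     {}", abs.display());
    println!("canonicalize: {}", canon.display());
    assert_eq!(abs, via_link); // stays under build/, next to the generated files
    assert_eq!(canon, real); // jumps into store/, the symlink target
    Ok(())
}
```

Any path derived from the canonicalized manifest (lock file lookup, SBOM output location) lands in the symlink target's directory, which is the read-only location in the setup described above.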
@Shnatsel (Contributor) commented Dec 8, 2025

Sounds good, thank you!

Since path::absolute was added in Rust 1.79, please bump rust-version both in Cargo.toml and in the GitHub Actions files. Once that's done I can merge.
