MIR: Rust: Favor OpenSSL to Rustls

[schopin-pro]

Something we might want to check in MIR reviews for Rust packages is that the programs should use libssl as their crypto implementation rather than rustls. Rustls doesn't seem to have a centralized point to configure its crypto policy.

[slyon]

I agree this would be good. What would be the best was to check that? I usually check for a libssl dependency. We probably want to have a TODO item in the MIR filing template and MIR review template for this.

Can you draft a PR around this?

[schopin-pro]

Yes, I guess a libssl3 dependency in the final binary is probably the best signal, but it'd be really easy to end up with both stacks used in the same binary. Now, most crypto-using crates will allow switching crypto stack through features, so we'd want the package to explicitly enable those features.