crates.io security advisory

This is a cross-post of the official security advisory. The official post contains a signed version with our PGP key, as well. The Rust Security Response Working Group was recently notified of a security issue affecting token generation in the crates.io web application, and while investigated that issue we discovered an additional vulnerability affecting crates.io API tokens. We have no evidence of this being exploited in the wild, but out of an abundance of caution we opted to revoke all exist...