Support for denying crates with executables or specific file extensions

[repi]

Some crates like prost-derive include embedded executables that they run in build.rs, this works on the main dev platforms but something we would like to have pure Rust versions of and deny.

@luciofranco also mentioned that it could be useful to be able to deny crates with specific file extensions in it, which could be part of the same feature.

This would require some scanning and wouldn't be fool proof because a crate could still contain say a zipped exe that it unpacks or simply download an exe and run it in build.rs. But can be good to investigate still