Supporting pure build toolchains

[psionic-k]

Writing this relatively late for me, so expect inaccuracies.

In order to ensure reproducibility and avoid unidentified supply chain surface area, Nix and Guix etc seek to build from within a sandbox.

To accomplish this, the network access for dependencies happens separately from any build and cargo is directed to the location of these pre-fetched dependencies and made to succeed somewhat painstakingly.

Since providing and using the dependencies for a Rust build output are pretty tightly related, it makes sense to output the wasm and then hand it to trunk to complete the steps of running bindgen and bundling.

Have you seen any of this done or considered it yet?