Support reproducible builds of Rust library (Qiskit#7728)
By default Rust libraries don't ship a Cargo.lock file. This is to allow other Rust consumers of the library to pick a compatible version with the other upstream dependencies. [1] However, the library we build in Qiskit is a bit different since it's not a traditional Rust library but instead we're building a C dynamic library that is meant to be consumed by Python. This is a much closer model to developing a Rust binary program because we're shipping a standalone binary.

To support reproducible builds we should include the Cargo.lock file in our source distribution to ensure that all builds of qiskit-terra are using the same versions of our upstream Rust dependencies. This commit commits the missing Cargo.lock file, removes it from the .gitignore (which was added automatically by cargo when creating a library project), and includes it in the sdist. This will ensure that any downstream consumer of terra from source will have a reproducible build.

Additionally this adds a dependabot config file so the bot will manage proposing version bumps on upstream project releases, since we probably want to be using the latest versions on new releases in our lock file.

[1] https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries
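A downstream packager can confirm that a source distribution really pins its Rust dependencies, as the commit message describes. The following is an added example, not code from the Qiskit repository: `audit_sdist`, `find_lock`, `make_sdist` and the sample lock contents are constructed for illustration, and it assumes the current Cargo.lock format in which every registry package carries a `checksum` field.

```python
import io
import posixpath
import re
import tarfile

# Constructed sample lock file; the package name and checksum are placeholders.
SAMPLE_LOCK = '''[[package]]
name = "example-dep"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0000-constructed-placeholder"
'''

def make_sdist(files):
    """Build a constructed in-memory .tar.gz from {path: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    buf.seek(0)
    return buf

def find_lock(manifest, names):
    """Look for Cargo.lock beside the manifest or in any parent (workspace root)."""
    parts = posixpath.dirname(manifest).split("/")
    for i in range(len(parts), -1, -1):
        candidate = posixpath.join(*parts[:i], "Cargo.lock")
        if candidate in names:
            return candidate
    return None

def audit_sdist(fileobj):
    """Return findings for crates in the archive that no lock file pins."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        names = {m.name for m in tar.getmembers() if m.isfile()}
        for manifest in sorted(n for n in names if posixpath.basename(n) == "Cargo.toml"):
            lock = find_lock(manifest, names)
            if lock is None:
                findings.append(f"{manifest}: no Cargo.lock shipped")
                continue
            text = tar.extractfile(lock).read().decode()
            for block in text.split("[[package]]")[1:]:
                name = re.search(r'^name = "([^"]+)"', block, re.M)
                registry = re.search(r'^source = "registry\+', block, re.M)
                if registry and not re.search(r'^checksum = "', block, re.M):
                    findings.append(f"{lock}: {name.group(1)} has no checksum")
    return findings
```

To audit a real archive, pass an open binary file handle for the `.tar.gz` to `audit_sdist`; an empty list means every manifest is covered by a lock file with checksums.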