quasi-lock dependencies in omicron-common job

[iximeow]

"fixes" #6691 by stealing the checked-in Cargo.lock when building the standalone omicron-common crate created for this job. this lets us keep the specific refs of git dependencies that are ref="main" and similar, which might otherwise resolve to different commits than the rest of the tree (and its omicron-common) can actually build with.

it'd be nice to have fewer git dependencies using branch names for refs, either by using a cratesio crate or specific commit or something, but this seems to make things a bit less brittle in the mean time.

https://github.com/oxidecomputer/omicron/runs/30726055679 passes here while failing to build on main 🎉

[sunshowers]

it'd be nice to have fewer git dependencies using branch names for refs [...] by using a [...] specific commit

Ah sadly that isn't possible because that will cause a lot of duplicate deps when used across Cargo workspaces. Putting stuff on crates.io would help but then we'd have to manage semver.

On balance we've generally found using a branch name to be the least bad option.

[iximeow]

all three workflow failures here are different kinds of flakes!

the first commit saw the same as #6506 (and log lines), the second saw #6505 (and log lines), as well as helios/deploy failing because the host was so out of memory it couldn't page anything out..