I am not sure you are proposing a solution for the raised problem: the more people there are in the supply chain, the higher the risk that someone turns rogue or gets hacked.
How could cargo audit help there when you don't know if a particular package has been infiltrated?
Supporting tools like cargo audit would be a better choice for the entire ecosystem, not just things that are appropriate to have in stdx.