Backpropagate Cargo.lock updates to all lock files (#9180)

* Experiment to backpropagate Cargo.lock updates to all lock files

* Move most of dependabot-specific code to its own file

* Various cleanups

* Fine tune..

* Clean up shells and stop obscure API...

ci/test-checks.sh

@@ -13,6 +13,15 @@ export RUSTFLAGS="-D warnings"
 # Look for failed mergify.io backports
 _ git show HEAD --check --oneline
 
+if _ scripts/cargo-for-all-lock-files.sh check --locked; then
+  true
+else
+  check_status=$?
+  echo "Some Cargo.lock is outdated; please update them as well"
+  echo "protip: you can use ./scripts/cargo-for-all-lock-files.sh update ..."
+  exit "$check_status"
+fi
+
 _ cargo +"$rust_stable" fmt --all -- --check
 
 # Clippy gets stuck for unknown reasons if sdk-c is included in the build, so check it separately.