disallow cargo-driven Rust tool updates during build

[wesolows]

Using the rust-toolchain.toml feature in repos containing Rust code is a good way to make sure the right/expected toolchain gets used when building it (unless you're a library in which case haha fuck you!!!). But it also induces cargo to invoke, in some manner, rustup if you don't have that toolchain installed, which modifies the build environment. For anything we're going to ship to a customer, we definitely don't want rustup on the machine at all, and we certainly don't want the user doing the build to be able to invoke it. But we do -- I would expect -- want this toolchain version checking for repos that request it. This leads to the conclusion that we probably want to make sure we enumerate the set of toolchains that are expected to be used ourselves, and cut rustup out of the picture entirely. If we don't have the right toolchains, we should fail.