chore: track lockfile

We need to track lockfile
because we want to make sure our CI using rayon@1.10.0.
And I don't want to block whoever wants to use latest rayon to run tests.
(Though that doesn't matter as dependent won't respect our lockfile)

For other reasons, see

* <https://blog.rust-lang.org/2023/08/29/committing-lockfiles/>
* <https://doc.rust-lang.org/nightly/cargo/faq.html#why-have-cargolock-in-version-control>
* <https://doc.rust-lang.org/nightly/cargo/reference/rust-version.html>

Most importantly:

> Verifying a minimum-supported Rust version (MSRV)
> that is less than the latest version of a dependency supports

And actually during the course, I found that `windows-link` requires
Rust 1.71. `windows-link` is a transitive dependency of `anstyle`
through `windows-sys`.
Our MSRV is already a lie for windows user when enabling `color`.

``` console
$ cargo generate-lockfile --config 'resolver.incompatible-rust-versions="fallback"'
    Updating crates.io index
     Locking 24 packages to latest Rust 1.70.0 compatible versions
      Adding snapbox v0.6.24 (available: v1.1.0)
      Adding windows-link v0.2.1 (requires Rust 1.71)
```

Author: weihanglo

.gitignore

@@ -1,2 +1 @@
 /target
-Cargo.lock