I'm not completely sure what to do here because many crates seem to get published from the release PR branch, not the main one, so the commit id is usually unreliable anyway.

On one side I want something strict that can't be easily bypassed, on the other if everything's a red flag you'll just ignore it

Correct. To be clear, the xz vulnerability shows that this is just a very small step, but it will at least make git repo audits more useful since you will then know that the crates.io release matches.

Unfortunately, the git commit isn't always available, either because of releases made with old versions of cargo, or because maintainers deliberately publish with cargo publish --allow-dirty or cargo hack --no-dev-deps