Nobody knows what "dwf" is, and the data isn't presently consumed or
surfaced by the `rustsec` crate, so we (hopefully) can rename it without
breaking anything.
Cargo uses "package" in Cargo.lock, so there is wisdom to using "package"
instead of "crate_name"
This reverts commit 986c090c06, reversing
changes made to 9556f0fdee.
The correct name for a Rust package is a "crate", so something with "crate" is
less ambiguous than "package".
However, "crate" itself is a Rust keyword. To avoid clashes in Rust code which
uses this same attribute name, "crate_name" can be used instead unambigously.
