Bzlmod: Implement strict repo deps #13793
Description
Main issue: #13316
The repository derived from a Bazel module should only be able to access other repositories generated from its direct dependencies.
Eg.
A/MODULE.bazel:
module(name = "A", version = "0.1.0")
bazel_dep(name = "B", version = "1.0.0")
B/MODULE.bazel:
module(name = "B", version = "1.0.0")
bazel_dep(name = "C", version = "1.1.0")
C/MODULE.bazel
module(name = "C", version = "1.1.0")
Repository A won't be able to access any targets from C unless it also declares a direct dependency on C by adding bazel_dep(name = "C", version = "1.1.0") in its MODULE.bazel file.