For example, the aes package is marked as vulnerable by some security tools. The pkcs5 package takes an optional dependency on aes. And pkcs8 takes a dependency on pkcs5, and pkcs1 takes a dependency on pkcs8, etc. (rsa is involved too.)
Is there a way in the Cargo.toml to ban aes so that it doesn't end up in Cargo.lock?
There are tools like cargo-deny for declaring and checking what you don't want.
It may not be possible to remove unused crates from Cargo.lock, depending on how they get there. The lockfile is designed to support the entire workspace on all platforms, not just the current build.
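To make the cargo-deny suggestion concrete, here is a minimal `deny.toml` that bans `aes` from the resolved graph. This is an added example, not configuration posted in the thread or shipped by cargo-deny; the workspace layout and the placeholder advisory id are assumptions, and `cargo deny check bans` must be run in the directory that holds the `Cargo.lock`.

```toml
# deny.toml for cargo-deny (added example, not from the thread).
# Assumes it sits next to the workspace Cargo.toml/Cargo.lock.
# Run `cargo deny check bans` (and `cargo deny check advisories` for the
# RustSec database lookups that flagged the crate in the first place).

[bans]
# Fail the check if a banned crate appears anywhere in the resolved graph,
# regardless of which feature or optional dependency pulled it in.
deny = [
    # Ban `aes` outright. If one specific crate were permitted to keep it,
    # the optional `wrappers = ["<crate>"]` key would allow only that path;
    # it is deliberately left out here so every path is rejected.
    { name = "aes" },
]
# Unrelated to the ban, but duplicate versions are a common sign of the
# same kind of transitive sprawl and are worth seeing in the same report.
multiple-versions = "warn"

[advisories]
# If a tool flags an advisory you have reviewed and accepted, record the
# real RUSTSEC id here instead of banning the crate. The value below is an
# obvious placeholder, not a real advisory.
ignore = ["RUSTSEC-0000-0000"]
```

Note what this does and does not do: cargo-deny reads the graph that Cargo already resolved, so it cannot prune `Cargo.lock` for you. It fails the check and shows which crates brought `aes` in, which is usually the information needed to decide whether a `default-features = false` on the intermediate crate, a version bump, or an accepted-risk entry is the right fix.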
This may help you find what is pulling in the aes crate: