I opened Cargo.lock and found records like this:
name = "cfg-if"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
So, Cargo use GitHub service but for what? All crates is usually stored in https://crates.io, why not use this server for indexing?
Why it needs to use third party service to manage dependencies? Can I setup some another server for this?
Cargo uses a git repository to store its index, which gives us nice things like incremental updates and versioning.
I think they just chose GitHub to host this repository and manage auth because doing something like this properly - and at scale - is tricky, so it's easier to make another organisation do the hard work.
Cargo has a mechanism for using your own registry to manage dependencies, and there are several commercial and open-source implementations out there.
You can use Cargo's source replacement feature to use an alternate source for a registry. This will require mirroring
crates.io-index repository elsewhere.
Alternatively it's possible to use experimental
sparse-registry feature to avoid dependency on git and use
index.crates.io as registry location (note that lock files will still list GitHub to avoid churn).