Regarding Cargo.lock, the recommendation always was to include it in version control for application/binary crates, but not library ones. But tendencies changed over time to include it even for libraries. If a rust-toolchain file is tracked by version control, and is pinned to a specific stable release, then Cargo.lock should definitely be tracked too [1][2].
It’s strictly more information tracked, so there is no logical reason not to include it. There was this concern about people not being aware of –locked not being the default behaviour of cargo install, giving a false sense of security/reliability/reproducibility. But “false sense” is never a good technical argument in my book.
Anyway, your crate is an application/binary one. And if you were to not change the “*” dependency version requirement, then it is almost guaranteed that building your crate will break in the future without tracking Cargo.lock ;)