Describe the bug

I have a crate that may depend on either aws-lc-rs or ring, depending on feature flags. I have entries in licenses.exceptions for both:

exceptions = [
    { allow = ["OpenSSL"], name = "aws-lc-sys" },
    { allow = ["OpenSSL"], name = "ring" },
]

However, when I run cargo deny check licenses, I get:

warning[license-exception-not-encountered]: license exception was not encountered
   ┌─ deny.toml:16:36
   │
16 │     { allow = ["OpenSSL"], name = "ring" },
   │                                    ^^^^ unmatched license exception

licenses ok

If I remove that exception, I get no warnings. But if I remove that exception and change my feature flags to default-enable ring, I get an error about ring. So the exception is definitely necessary, and it appears to be a bug both that the exception is seen as unused and that the optional dependency on ring isn't being detected.

To reproduce

cargo new testcrate. Put this in the Cargo.toml manifest:

[package]
name = "testcrate"
version = "0.1.0"
edition = "2021"
license = "MIT OR Apache-2.0"

[features]
default = ["aws-lc-rs"]
aws-lc-rs = ["rustls-acme/aws-lc-rs"]
ring = ["rustls-acme/ring"]

[dependencies]
rustls-acme = { version = "0.10.1", default-features = false }

Put the following in deny.toml:

[licenses]
version = 2
allow = [
    "Apache-2.0",
    "BSD-3-Clause",
    "ISC",
    "MIT",
    "MPL-2.0",
    "Unicode-DFS-2016",
]
confidence-threshold = 0.8
exceptions = [
    { allow = ["OpenSSL"], name = "aws-lc-sys" },
    { allow = ["OpenSSL"], name = "ring" },
]

[[licenses.clarify]]
name = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
    { path = "LICENSE", hash = 0xbd0eed23 }
]

Now run cargo deny check licenses, and observe the warning.

cargo-deny version

cargo-deny 0.14.24

What OS were you running cargo-deny on?

Linux

Additional context

No response