How to handle libraries that are not explicitly added by me, but pulled by other SPMs that I use in my project? For example Firebase SPM pulls other packages like Abseil, nanopb etc. Do I need to handle those, and make sure they contain privacy manifests, or is Firebase package "responsible" for those?