Adding a zeroize function for flat types

[nstilt1]

For reducing zeroize code in chacha20, as per @newpavlov's suggestion
I'm unsure of the name, documentation, and whether it should be a method instead of a function.

[tarcieri]

I think it would be good to add something here about requiring that the bit pattern of all zeros must be valid for the type

[newpavlov]

I do not think this requirement is needed for this function. We just need to mention that the function may leave the memory in a state invalid for type T.

In other words, I think (but not 100% sure) that the following code is safe:

#[repr(transparent)]
struct Foo(NonZeroU32);

impl Drop for Foo {
    fn drop(&mut self) {
        unsafe { zeroize_flat_type(self); }
    }
}

[tarcieri]

I'm not really clear on if that's allowed or not: rust-lang/unsafe-code-guidelines#394

[tarcieri]

Notably it seems like it would be UB with drop_in_place or ManuallyDrop::drop which both permit access to the value after running the Drop impl

[newpavlov]

Both drop_in_place and ManuallyDrop::drop are unsafe, so it should not be a problem. Per ManuallyDrop::drop docs:

However, this “zombie” value should not be exposed to safe code, and this function should not be called more than once. To use a value after it’s been dropped, or drop a value multiple times, can cause Undefined Behavior (depending on what drop does).

For now, we probably should write about validity (with NonZeroU32 as a counter-example), but mention that zeroized state is allowed to break safety invariants of the type.

[tarcieri]

Sure, that sounds good

[nstilt1]

Okay. Feel free to make any changes