audit: ensure unsafe blocks are really safe [WPB-10887]

[coriolinus]

What's new in this PR

• audit all unsafe blocks in core-crypto
• add deny rules for undocumented unsafe
• adjust code as required to ensure safety of unsafe blocks
• add documentation to each unsafe block about how our use of it is safe

---

PR Submission Checklist for internal contributors

• The PR Title
  • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
  • contains a reference JIRA issue number like SQPIT-764
  • answers the question: If merged, this PR will: ... ³

1. https://sparkbox.com/foundry/semantic_commit_messages
2. https://github.com/wireapp/.github#usage
3. E.g. feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.

[github-actions]

Bencher Report

Branch	prgn/doc/unsafe-blocks
Testbed	ubuntu-latest

Click to view all benchmark results

Benchmark	Latency	milliseconds (ms)
Commit add f(group size)/cs1/mem/1002	📈 view plot 🚷 view threshold	18.69
Commit add f(group size)/cs1/mem/2	📈 view plot 🚷 view threshold	6.94
Commit add f(group size)/cs1/mem/202	📈 view plot 🚷 view threshold	9.60
Commit add f(group size)/cs1/mem/402	📈 view plot 🚷 view threshold	11.98
Commit add f(group size)/cs1/mem/602	📈 view plot 🚷 view threshold	14.89
Commit add f(group size)/cs1/mem/802	📈 view plot 🚷 view threshold	16.85
Commit add f(number clients)/cs1/mem/1002	📈 view plot 🚷 view threshold	985.74
Commit add f(number clients)/cs1/mem/2	📈 view plot 🚷 view threshold	6.80
Commit add f(number clients)/cs1/mem/202	📈 view plot 🚷 view threshold	85.56
Commit add f(number clients)/cs1/mem/402	📈 view plot 🚷 view threshold	220.57
Commit add f(number clients)/cs1/mem/602	📈 view plot 🚷 view threshold	426.73
Commit add f(number clients)/cs1/mem/802	📈 view plot 🚷 view threshold	675.35
Commit pending proposals f(group size)/cs1/mem/1002	📈 view plot 🚷 view threshold	117.91
Commit pending proposals f(group size)/cs1/mem/2	📈 view plot 🚷 view threshold	28.45
Commit pending proposals f(group size)/cs1/mem/202	📈 view plot 🚷 view threshold	46.12
Commit pending proposals f(group size)/cs1/mem/402	📈 view plot 🚷 view threshold	61.55
Commit pending proposals f(group size)/cs1/mem/602	📈 view plot 🚷 view threshold	80.08
Commit pending proposals f(group size)/cs1/mem/802	📈 view plot 🚷 view threshold	94.71
Commit pending proposals f(pending size)/cs1/mem/1	📈 view plot 🚷 view threshold	19.11
Commit pending proposals f(pending size)/cs1/mem/101	📈 view plot 🚷 view threshold	116.23
Commit pending proposals f(pending size)/cs1/mem/21	📈 view plot 🚷 view threshold	35.86
Commit pending proposals f(pending size)/cs1/mem/41	📈 view plot 🚷 view threshold	57.22
Commit pending proposals f(pending size)/cs1/mem/61	📈 view plot 🚷 view threshold	75.94
Commit pending proposals f(pending size)/cs1/mem/81	📈 view plot 🚷 view threshold	95.78
Commit remove f(group size)/cs1/mem/1002	📈 view plot 🚷 view threshold	27.67
Commit remove f(group size)/cs1/mem/2	📈 view plot 🚷 view threshold	6.74
Commit remove f(group size)/cs1/mem/202	📈 view plot 🚷 view threshold	9.08
Commit remove f(group size)/cs1/mem/402	📈 view plot 🚷 view threshold	12.19
Commit remove f(group size)/cs1/mem/602	📈 view plot 🚷 view threshold	17.36
Commit remove f(group size)/cs1/mem/802	📈 view plot 🚷 view threshold	21.73
Commit remove f(number clients)/cs1/mem/1002	📈 view plot 🚷 view threshold	31.39
Commit remove f(number clients)/cs1/mem/2	📈 view plot 🚷 view threshold	137.30
Commit remove f(number clients)/cs1/mem/202	📈 view plot 🚷 view threshold	115.21
Commit remove f(number clients)/cs1/mem/402	📈 view plot 🚷 view threshold	93.87
Commit remove f(number clients)/cs1/mem/602	📈 view plot 🚷 view threshold	72.47
Commit remove f(number clients)/cs1/mem/802	📈 view plot 🚷 view threshold	51.41
Commit update f(group size)/cs1/mem/1002	📈 view plot 🚷 view threshold	137.59
Commit update f(group size)/cs1/mem/2	📈 view plot 🚷 view threshold	7.02
Commit update f(group size)/cs1/mem/202	📈 view plot 🚷 view threshold	33.71
Commit update f(group size)/cs1/mem/402	📈 view plot 🚷 view threshold	60.09
Commit update f(group size)/cs1/mem/602	📈 view plot 🚷 view threshold	86.80
Commit update f(group size)/cs1/mem/802	📈 view plot 🚷 view threshold	111.71

🐰 View full continuous benchmarking report in Bencher

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 63.96396% with 40 lines in your changes missing coverage. Please review.

Project coverage is 78.40%. Comparing base (26dde1d) to head (5a64fe4).
Report is 7 commits behind head on main.

Files with missing lines	Patch %	Lines
keystore/src/entities/mls.rs	16.66%	5 Missing ⚠️
...eystore/src/entities/platform/generic/mls/group.rs	33.33%	4 Missing ⚠️
...re/src/entities/platform/generic/mls/credential.rs	40.00%	3 Missing ⚠️
...ntities/platform/generic/mls/encryption_keypair.rs	40.00%	3 Missing ⚠️
...s/platform/generic/mls/epoch_encryption_keypair.rs	40.00%	3 Missing ⚠️
.../entities/platform/generic/mls/hpke_private_key.rs	40.00%	3 Missing ⚠️
...re/src/entities/platform/generic/mls/keypackage.rs	40.00%	3 Missing ⚠️
...src/entities/platform/generic/mls/pending_group.rs	50.00%	3 Missing ⚠️
...c/entities/platform/generic/mls/pending_message.rs	40.00%	3 Missing ⚠️
...re/src/entities/platform/generic/mls/psk_bundle.rs	40.00%	3 Missing ⚠️
... and 4 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #895      +/-   ##
==========================================
- Coverage   78.44%   78.40%   -0.05%     
==========================================
  Files         113      113              
  Lines       20097    20166      +69     
==========================================
+ Hits        15766    15811      +45     
- Misses       4331     4355      +24     

Files with missing lines	Coverage Δ
crypto-macros/src/entity_derive/derive_impl.rs	100.00% <100.00%> (ø)
keystore/src/connection/mod.rs	72.28% <ø> (ø)
keystore/src/entities/mod.rs	83.72% <100.00%> (-0.19%)	⬇️
keystore/src/transaction/mod.rs	91.39% <100.00%> (+0.17%)	⬆️
.../src/entities/platform/generic/proteus/identity.rs	77.52% <50.00%> (-0.64%)	⬇️
...re/src/entities/platform/generic/proteus/prekey.rs	94.59% <66.66%> (-1.19%)	⬇️
keystore/src/connection/platform/generic/mod.rs	91.66% <93.93%> (+1.34%)	⬆️
...re/src/entities/platform/generic/mls/credential.rs	96.15% <40.00%> (-1.47%)	⬇️
...ntities/platform/generic/mls/encryption_keypair.rs	96.09% <40.00%> (-1.49%)	⬇️
...s/platform/generic/mls/epoch_encryption_keypair.rs	95.28% <40.00%> (-1.78%)	⬇️
... and 8 more

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 26dde1d...5a64fe4. Read the comment docs.

[istankovic]

I see only some of the crates are covered by deny(clippy...). I think we also want to include at least crypto-macros too.

Regarding the rest, such as decode, stuff under extras, interop... I guess those are not as critical, but would like to clarify their status explicitly.

Ideally, it would be nice if we could configure some lints globally, so that we don't have to repeat this everywhere. I think this is one of those that could make sense to apply globally.

[SimonThormeyer]

To the best of my knowledge, this is good to go.
Nice work!