What is the feature or code improvement you would like to do in Cranelift?
All stack memory and all registers should be clearable when requested by the user of Cranelift.

What is the value of adding this in Cranelift?
This is very useful for cryptographic libraries, where any possible secret leak is one too many.
This probably would be pretty straightforward to implement.
That said, it's important to keep in mind the limitations of such a feature. This wouldn't prevent operating systems from paging out stack pages to persistent storage, or from saving register state during a context switch or a system suspend. It wouldn't prevent libcalls that Cranelift makes implicitly to runtime libraries or libc from leaving state in their stack frames. It wouldn't prevent a longjmp from jumping past a stack frame, or pthread_kill from killing a thread before its frames can be cleared. It wouldn't prevent hardware from keeping copies of the old values in physical registers, caches, or other microarchitectural state. And it wouldn't protect from many varieties of side-channel attacks. And there might be other limitations I haven't thought of.
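The manual workaround that this feature would automate, as an added example that is not code from the Cranelift issue or project: explicit volatile zeroing of a stack-held secret in C. The names (secure_zero, derive_and_wipe, self_check) and the FNV-1a mixing step are assumptions for illustration; as the comment above notes, this reaches only the memory it names, not compiler-created register copies, spill slots, or the frames of libcalls.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Zeroing through a volatile pointer: every store must be kept, so
 * dead-store elimination cannot drop a wipe of memory that is never
 * read again (a plain memset() at end of scope routinely is dropped). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(p) : "memory"); /* compiler barrier */
#endif
}

/* Returns 1 if every byte of buf is zero (constant-time OR fold). */
static int is_all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Hypothetical derivation step: mixes the secret into a 32-bit tag
 * (FNV-1a), then wipes its local working copy and the caller's buffer.
 * Only named memory is cleared; the compiler's own register copies and
 * spill slots are exactly what a manual wipe cannot reach. */
static uint32_t derive_and_wipe(unsigned char *secret, size_t n)
{
    unsigned char local[64];        /* stack copy: must not outlive the call */
    uint32_t tag = 2166136261u;     /* FNV-1a 32-bit offset basis */
    if (n > sizeof local) n = sizeof local;
    memcpy(local, secret, n);
    for (size_t i = 0; i < n; i++) {
        tag ^= local[i];
        tag *= 16777619u;           /* FNV prime */
    }
    secure_zero(local, sizeof local);
    secure_zero(secret, n);
    return tag;
}

/* Constructed self-check: the one-byte secret "a" has the documented
 * FNV-1a value 0xe40c292c, and the caller's buffer is zero afterwards. */
static int self_check(void)
{
    unsigned char secret[16] = "a";
    uint32_t tag = derive_and_wipe(secret, 1);
    return tag == 0xe40c292cu && is_all_zero(secret, sizeof secret);
}
```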
algorithms to use? https://internals.rust-lang.org/t/annotations-for-zeroing-the-stack-of-sensitive-functions-which-deal-in-transient-secrets/11588/8
or worse than your proposal?