Hey there,

While looking at Bitwarden's implementation of zeroizing dealloc, I noticed that there is some undefined behavior present:

- `slice::from_raw_parts` on an entire object is invalid. This is because structures and other types may contain padding bytes, which are not initialized during the allocation process. By making a slice from it, you are essentially converting `MaybeUninit<u8>` to `u8` unsoundly. Rust is clear that integers may not be uninitialized.
- All of the tests, which are disabled on some platforms (out of curiosity, which ones?), are full of UB. Even if it's only in a test, reading memory from a freed heap object's pointer is undefined/unsound in basically every language, not just Rust. IMO the tests should be either deleted or replaced with a custom `GlobalAlloc` that keeps track of all allocations and can provide a sound API to check if "freed" memory was wiped with zeroes.

We (1Password) made a similar crate wrapper last year for our Core, and we just open sourced it today if you'd like to use it directly or as a reference to improve on this: https://github.com/1Password/zeroizing-alloc

complexspaces changed the title from "Allocator wrapper implementation contains undefined-behavior" to "Allocator wrapper implementation contains undefined behavior" on Nov 22, 2024
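The two points raised above, as an added example that is not Bitwarden's code nor the 1Password crate linked in the issue: a zeroizing `GlobalAlloc` wrapper that wipes with `ptr::write_bytes` (an untyped store, sound over uninitialized padding) instead of zeroing through a `&mut [u8]`, and a test-only recording allocator sitting underneath it that checks for zeros inside `dealloc`, while the block is still allocated, rather than by reading through a freed pointer. `ZeroizingAlloc`, `RecordingAlloc`, `watch`, `watched_result`, `frees_are_zeroed` and `boxed_secret_is_wiped_on_drop` are this example's own names; the 0xA5 fill is a constructed stand-in for secret material.

```rust
// Added example, not the project's or 1Password's code. Names are hypothetical.
use std::alloc::{handle_alloc_error, GlobalAlloc, Layout, System};
use std::ptr;
use std::slice;
use std::sync::atomic::{AtomicU8, AtomicUsize, Ordering};

/// Zeroizing wrapper: wipes every block before handing it back to the inner allocator.
pub struct ZeroizingAlloc<A: GlobalAlloc>(pub A);

unsafe impl<A: GlobalAlloc> GlobalAlloc for ZeroizingAlloc<A> {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        unsafe { self.0.alloc(layout) }
    }

    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
        unsafe {
            // `write_bytes` is an untyped, byte-wise store: sound even when some bytes of
            // the block (struct padding, unused Vec capacity) were never initialized.
            // Building a `&mut [u8]` over the block with `slice::from_raw_parts_mut` and
            // zeroing through it instead asserts every byte is already a valid `u8`,
            // which uninitialized padding is not: that is the UB the issue describes.
            ptr::write_bytes(ptr, 0, layout.size());
            // The block is still ours until this call returns; only now release it.
            self.0.dealloc(ptr, layout);
        }
    }
}

pub const UNSEEN: u8 = 0;
pub const ZEROED: u8 = 1;
pub const DIRTY: u8 = 2;

/// Test-only allocator: forwards to `System`, but for one watched block records whether
/// its bytes were all zero at the moment `dealloc` was called, i.e. before it is freed.
pub struct RecordingAlloc;

static WATCHED_PTR: AtomicUsize = AtomicUsize::new(0);
static WATCHED_RESULT: AtomicU8 = AtomicU8::new(UNSEEN);

impl RecordingAlloc {
    /// Arm the check for the block at `ptr`; the address is compared, never dereferenced.
    pub fn watch(ptr: *const u8) {
        WATCHED_RESULT.store(UNSEEN, Ordering::SeqCst);
        WATCHED_PTR.store(ptr as usize, Ordering::SeqCst);
    }

    pub fn watched_result() -> u8 {
        WATCHED_RESULT.load(Ordering::SeqCst)
    }
}

unsafe impl GlobalAlloc for RecordingAlloc {
    unsafe fn alloc(&self, layout: Layout) -> *mut u8 {
        unsafe { System.alloc(layout) }
    }

    unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) {
        // Claim the watched block exactly once, even with other threads freeing concurrently.
        if WATCHED_PTR
            .compare_exchange(ptr as usize, 0, Ordering::SeqCst, Ordering::SeqCst)
            .is_ok()
        {
            // Sound here because (a) the block has not been freed yet and (b) callers only
            // watch plain byte buffers whose every byte they wrote, so each byte is a valid
            // `u8` (no padding). Both preconditions are what the flagged test code lacked.
            let bytes = unsafe { slice::from_raw_parts(ptr, layout.size()) };
            let result = if bytes.iter().all(|&b| b == 0) { ZEROED } else { DIRTY };
            WATCHED_RESULT.store(result, Ordering::SeqCst);
        }
        unsafe { System.dealloc(ptr, layout) }
    }
}

/// Allocates a 32-byte block through `alloc`, fills it with 0xA5 (constructed stand-in for
/// a secret), frees it, and reports whether `RecordingAlloc` saw zeros at free time.
/// `RecordingAlloc` must be the innermost allocator of `alloc` for the result to mean anything.
pub fn frees_are_zeroed<A: GlobalAlloc>(alloc: &A) -> bool {
    let layout = Layout::from_size_align(32, 8).unwrap();
    unsafe {
        let p = alloc.alloc(layout);
        if p.is_null() {
            handle_alloc_error(layout);
        }
        ptr::write_bytes(p, 0xA5, layout.size());
        RecordingAlloc::watch(p);
        alloc.dealloc(p, layout);
    }
    RecordingAlloc::watched_result() == ZEROED
}

// Realistic deployment: the wrapper as the process-wide allocator.
#[global_allocator]
static GLOBAL: ZeroizingAlloc<RecordingAlloc> = ZeroizingAlloc(RecordingAlloc);

/// Drops a boxed secret through the global allocator and reports whether it was wiped.
pub fn boxed_secret_is_wiped_on_drop() -> bool {
    let secret: Box<[u8; 32]> = Box::new([0xA5; 32]);
    RecordingAlloc::watch((*secret).as_ptr());
    drop(secret);
    RecordingAlloc::watched_result() == ZEROED
}

fn main() {
    println!("RecordingAlloc alone, freed block zeroed: {}", frees_are_zeroed(&RecordingAlloc));
    println!(
        "ZeroizingAlloc<RecordingAlloc>, freed block zeroed: {}",
        frees_are_zeroed(&ZeroizingAlloc(RecordingAlloc))
    );
    println!("Box<[u8; 32]> dropped via global allocator, wiped: {}", boxed_secret_is_wiped_on_drop());
}
```

Running this under Miri (`cargo +nightly miri run`) is the check worth adding to a project's CI: the recording allocator never touches memory after it has been released to `System`, and the wipe is an untyped store, so Miri stays quiet, whereas the `from_raw_parts`-over-the-whole-object and read-after-free patterns the issue describes would be reported immediately.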