Improve zeroization of key buffer

[AaronFeickert]

🎟️ Tracking

None.

📔 Objective

Currently, the temporary buffer used for deriving shareable keys is manually zeroized. While documentation indicates that preceding expect calls cannot fail, this still seems brittle to future changes.

This PR places the buffer into a Zeroizing wrapper. It is still the case that zeroization may not occur on a panic, but this was already the case with the existing implementation, which would never zeroize in such a case.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.11%. Comparing base (eeda462) to head (a779aed).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1069      +/-   ##
==========================================
- Coverage   58.12%   58.11%   -0.01%     
==========================================
  Files         197      197              
  Lines       13532    13531       -1     
==========================================
- Hits         7865     7864       -1     
  Misses       5667     5667              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Hinton]

Hi @AaronFeickert,

This change looks reasonable, I think the only disadvantage is that it's slightly less obvious that res is mutated.

Since we wrote this code we've also implement our own Allocator which zeros on dealloc which should act as an additional guard against sensitive memory being leaked.

Can you please run cargo +nightly fmt to make the formatted happy?

[AaronFeickert]

@Hinton sorry about that! I had run the formatter locally, but must have forgotten to push it. It's now passing formatting and has been rebased.

[Hinton]

LGTM, thanks for the improvement.