Protect pages with secret data from being swapped to disk

[alnyan]

In secrets.rs, the array which is used to store secret key data has zeroize to be erased once dropped, but that doesn't prevent OS from swapping the pages to disk unencrypted.
A possible solution to that may be to use secrets crate to wrap the secret data. That'll additionally provide the functionality zeroize already gives.

[tarcieri]

secrets has a hard FFI dependency on libsodium, whereas zeroize is pure Rust.

FWIW, there's some discussion about adding various strategies (including mlock) for protecting data in-memory to the pure Rust secrecy crate, which is built on zeroize:

iqlusioninc/crates#480

[benma]

I think the secrets module might also leave unwanted copies on the stack which are not zeroed, e.g. these:

ed25519-dalek/src/secret.rs

Lines 267 to 269 in 925eb9e

	let mut hash: [u8; 64] = [0u8; 64];
	let mut lower: [u8; 32] = [0u8; 32];
	let mut upper: [u8; 32] = [0u8; 32];

Or this:

ed25519-dalek/src/public.rs

Line 73 in 925eb9e

let mut bits: [u8; 32] = expanded_secret_key.key.to_bytes();

[isislovecruft]

I'd be interested in the future if a cross-platform solution which does not pull in something large like libsodium were available to ensure pages aren't swapped.