riscv: All the CSR write operations should be unsafe by default

[jsgf]

In general we should assume that writing to CSRs could do something that potentially violates the Rust abstract model.

Macros like write_csr_as and write_csr_as_usize should at least default to unsafe, and maybe have an option to make a safe variant on a CSR by CSR basis.

[romancardenas]

As I always do, I checked the cortex-m crate and... they use the same fashion you propose 😁

In other words, I am in favor of your proposal.

[alistair23]

I agree. Writing to RISC-V CSRs can cause all sorts of unsafe behaviour. There are a few that probably aren't unsafe but they need some reasoning about why they aren't. unsafe by default is the way to go

[romancardenas]

We commented this issue in yesterday's meeting and the general impression is that we should:

• By default, make all writes unsafe for every CSR
• Then go CSR by CSR analyzing their implications and, if it applies, make particular cases safe (when it is not harmful).