Box zeroize to prevent leaving copies on move.

[tomusdrw]

CC @cheme

[That3Percent]

This is a good step to fix the leaking of private data, but is not yet foolproof.

Consider for example that the API:

pub fn boxed(key: SecretKey) -> Box<Self> {
         Box::new(Self(key))
     }

May create copies of the SecretKey on the stack. The optimizer might remove some of these copies, but that's depending on whether the function is inlined which is not deterministic when there are multiple codegen units.

I've implemented a version which copies from the reference after the memory is allocated here:
https://github.com/graphprotocol/solidity-bindgen/blob/master/solidity-bindgen/src/secrets.rs

The relevant section is in SafeSecretKey::new(secret: &SecretKey) which allocates first, then copies from a reference into the allocation. In that implementation, it goes the extra mile to mlock the memory to avoid paging to disk as well.

If you like I can pull SafeSecretKey out of solidity-bindgen and into a crate for use in web3. Just say the word. Or, feel free to copy any code out of it into here.