Commits

Jorge C. Leitao authored d4b2ad8bd07
ARROW-10692: [Rust] Removed undefined behavior derived from null pointers

Currently, our allocation code is not guaranteeing that the `std::mem::alloc` was successful, by checking for whether the returned pointer was not null. Passing null pointers to buffers is dangerous, especially given that Buffers currently expose them without any checks.

This PR is a series of modifications that removes the possibility of having null pointers:

* Made most of our pointers `NonNull` and panic whenever a null pointer tries to sneak to a buffer (either via FFI or a failed allocation)
* Guard against overflow of a pointer address during allocations (relevant for 32 bit systems)
* Remove the possibility of a null pointer to be on `RawPtrBox`, flags `RawPtrBox::new` as `unsafe` and documents the invariants necessary to a sound usage of `RawPtrBox`.
* Made all methods in `memory` expect and output a `NonNull`

All these changes were highly motivated by the code in Rust's `std::alloc`, and how it deals with these edge cases.

The main consequence of these changes is that our buffers no longer hold null pointers, which allows us to implement `Deref<[u8]>` (done in this PR), and treat `Buffer` as very similar to an immutable `Vec<u8>` (and `MutableBuffer` closer to `Vec<u8>`). In this direction, this PR renames a bunch of methods:

* `MutableBuffer::data_mut -> MutableBuffer::as_slice_mut`
* `MutableBuffer::data -> MutableBuffer::as_slice`
* `Buffer::data -> Buffer::as_slice`
* `Buffer::raw_data -> Buffer::as_ptr`
* `RawPtrBox::get -> RawPtrBox::as_ptr`

The rationale for these names comes from `Vec::as_slice_mut`, `Vec::as_slice`, `Vec::as_ptr` and `NonNull::as_ptr` respectively.

Closes #8997 from jorgecarleitao/clean_buffer

Authored-by: Jorge C. Leitao <jorgecarleitao@gmail.com>
Signed-off-by: Jorge C. Leitao <jorgecarleitao@gmail.com>
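The allocation pattern the commit message describes (validate the layout, reject a null result, then expose the bytes through `Deref<[u8]>`) is sketched below as an added example; it is not code from the Arrow repository. The type `RawBytes`, its `try_new` constructor and the 64-byte `ALIGNMENT` are hypothetical names and values chosen for illustration.

```rust
use std::alloc::{alloc_zeroed, dealloc, handle_alloc_error, Layout};
use std::ptr::NonNull;

const ALIGNMENT: usize = 64; // assumed alignment for this sketch

/// Owned, zeroed byte region whose pointer is never null (hypothetical type).
pub struct RawBytes {
    ptr: NonNull<u8>,
    len: usize,
}

impl RawBytes {
    /// Returns `None` if `len`, padded to `ALIGNMENT`, overflows the address space.
    pub fn try_new(len: usize) -> Option<Self> {
        let layout = Layout::from_size_align(len, ALIGNMENT).ok()?;
        if len == 0 {
            // Zero-sized layouts must not reach the allocator; a dangling
            // non-null pointer is a valid base for an empty slice.
            return Some(Self { ptr: NonNull::dangling(), len });
        }
        // SAFETY: `layout` has a non-zero size.
        let raw = unsafe { alloc_zeroed(layout) };
        // A failed allocation returns null: abort here, never store it.
        let ptr = NonNull::new(raw).unwrap_or_else(|| handle_alloc_error(layout));
        Some(Self { ptr, len })
    }
}

impl std::ops::Deref for RawBytes {
    type Target = [u8];
    fn deref(&self) -> &[u8] {
        // SAFETY: `ptr` is non-null and valid for `len` initialised bytes.
        unsafe { std::slice::from_raw_parts(self.ptr.as_ptr(), self.len) }
    }
}

impl Drop for RawBytes {
    fn drop(&mut self) {
        if self.len != 0 {
            // SAFETY: same size and alignment that `try_new` validated.
            unsafe { dealloc(self.ptr.as_ptr(), Layout::from_size_align_unchecked(self.len, ALIGNMENT)) }
        }
    }
}

fn main() {
    let buf = RawBytes::try_new(100).expect("layout fits");
    println!("{} zeroed bytes at {:p}", buf.len(), buf.as_ptr());
}
```

Because the null check happens once at construction, `deref` can build the slice without re-checking the pointer on every access.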