PLSysSec / cargo-scan

A tool for auditing Rust crates
MIT License

improve FFI call effect #51

Open cdstanford opened 10 months ago

cdstanford commented 10 months ago

Currently, we add the FFICall effect when an FFI function is called, not when it is declared. This seems wrong because when an FFI function is public, e.g.

pub extern "C" fn do_some_shady_stuff(...) { ... }

The function is not marked as having any effects, but calling it is clearly dangerous.

This shows up on the system-configuration-sys crate (v0.5.0), as found by @deian, leading, confusingly, to no effects in this crate. I also copied the relevant source code file to the test-crates/ffi-ex example crate so we can track its results on make test.

v0 tasks:

v1 tasks:

cdstanford commented 10 months ago

We are thinking that, for now, we just add an FFIDecl effect as a temporary measure, in addition to the FFICall effect. That way, system-configuration-sys doesn't incorrectly get marked as safe, but we still catch any cross-crate FFI function calls and audit them.
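An added example, not cargo-scan's own code, that models the two policies from the comments above over a constructed -sys-style crate: with call sites only, a bindings crate that declares `extern "C"` functions but never calls them yields no effects at all, and adding a declaration effect makes it visible. The names `sc_example_fn`, `SYS_CRATE` and `USER_CRATE` are constructed, and the line-based scan is a heuristic stand-in for the tool's real analysis, not a Rust parser.

```rust
// Added example, not cargo-scan's code: a toy, line-based model of the two
// effect policies discussed in this issue (heuristic, not a real Rust parser).

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Effect {
    FfiCall(String), // an FFI function is called (current behaviour)
    FfiDecl(String), // an FFI function is declared (proposed temporary addition)
}

/// Extract the identifier following `fn ` on a line, if any.
fn fn_name(line: &str) -> Option<String> {
    let rest = line.split("fn ").nth(1)?;
    let name: String = rest.chars().take_while(|c| c.is_alphanumeric() || *c == '_').collect();
    if name.is_empty() { None } else { Some(name) }
}

/// Scan crate source for FFI effects. With `track_decls == false` only call
/// sites are flagged, which is what lets a declaration-only -sys crate look safe.
pub fn scan_effects(src: &str, track_decls: bool) -> Vec<Effect> {
    let mut effects = Vec::new();
    let mut ffi_fns: Vec<String> = Vec::new(); // FFI functions declared so far
    let mut in_extern_block = false;
    for line in src.lines() {
        let t = line.trim();
        if t.starts_with("extern \"C\" {") { in_extern_block = true; continue; }
        if in_extern_block && t == "}" { in_extern_block = false; continue; }
        // A foreign fn inside `extern "C" { }`, or a C-ABI fn defined in Rust.
        if in_extern_block || t.contains("extern \"C\" fn") {
            if let Some(name) = fn_name(t) {
                if track_decls { effects.push(Effect::FfiDecl(name.clone())); }
                ffi_fns.push(name);
            }
            continue;
        }
        for f in &ffi_fns {
            if t.contains(&format!("{}(", f)) { effects.push(Effect::FfiCall(f.clone())); }
        }
    }
    effects
}

/// Constructed stand-in for a -sys bindings crate: declarations only, no calls.
pub const SYS_CRATE: &str = r#"
extern "C" {
    pub fn sc_example_fn(store: *const u8) -> *const u8;
}
pub extern "C" fn do_some_shady_stuff(x: i32) -> i32 { x }
"#;

/// Constructed downstream crate that declares the binding and actually calls it.
pub const USER_CRATE: &str = r#"
extern "C" {
    fn sc_example_fn(store: *const u8) -> *const u8;
}
pub fn proxies() -> *const u8 { unsafe { sc_example_fn(std::ptr::null()) } }
"#;
```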