Implement basic secure gate infrastructure

[dbittman]

This PR continues towards secure gates, implementing the following:

• An attribute proc_macro that can be applied to functions to turn them into secure gates, auto-generating the necessary code.
• Basic secure gate library code that supports such calls, including ways to move args and return values around, and pass them safely between compartments.

This is pretty limited right now in terms of the types that can be passed and the functions that can be made into secure gates, and it does not currently do any security enforcement. This PR is about getting rust itself on board with this nonsense :)

A side effect that is noteworthy is that we now set CC and CFLAGS env vars in xtask so that crates that compile C code can do so with our patched clang.

[dbittman]

Yup, makes sense. Had originally intended to remove this for the PR but forgot.