secrecy: support ZeroizeOnDrop

[dima74]

Currently Secret<T> wrapper requires T to implement Zeroize. Would be nice to support ZeroizeOnDrop, that is T need to implement either Zeroize or ZeroizeOnDrop. Consider the example which currently doesn't work:

use secrecy::Secret;
use zeroize::{Zeroize, ZeroizeOnDrop};

pub struct SecretKey([u8; 32]);

impl ZeroizeOnDrop for SecretKey {}
impl Drop for SecretKey {
    fn drop(&mut self) {
        self.0.zeroize();
    }
}

struct Config {
    // doesn't work
    key: Secret<SecretKey>,
}

Would be helpful in case library implements only ZeroizeOnDrop and not Zeroize (e.g. ed25519-dalek)

---

Probably this can be done similar to how #[derive(ZeroizeOnDrop)] is implemented

[tony-iqlusion]

What value does Secret provide for a ZeroizeOnDrop type, which already handles its own zeroization?

[dima74]

@tony-iqlusion first two from documentation:

• Make secret access explicit and easy-to-audit via the ExposeSecret trait
• Prevent accidental leakage of secrets via channels like debug logging

[tony-iqlusion]

We could potentially add a separate wrapper type which doesn't have a Zeroize bound, but that's the best we could do.

Most types which impl ZeroizeOnDrop intentionally do not impl Zeroize so as to avoid "use after zeroize" bugs.