blake3 versions 0.3.7 - 1.1.0 had a potential memory corruption bug on Windows

[oconnor663]

This was fixed in v1.2.0 (Nov 5, 2021). See BLAKE3-team/BLAKE3#206 and https://github.com/BLAKE3-team/BLAKE3/releases/tag/1.2.0.

Triggering this bug in the affected versions requires a Windows environment that either 1) lacks SSE4.1 support (i.e. an x86 CPU older than 2007), or 2) sets default_features = false. Some callers (e.g. multihash) do set default_features = false in their dependencies, so option 2 is probably more likely than option 1. When the bug is triggered, it corrupts an SSE register, and the effect of that depends on the caller. I'm not aware of any cases in the wild where it had any observable effect. When I've been able to see an effect in testing, it's a corrupt/incorrect hash value, which is arguably a security issue even if there's no path to general memory corruption.