Fix various issues in ockam_ffi.

[thomcc]

I had some computer issues this morning that I fixed by updating the OS, which meant that I wasn't on my primary dev machine for the day (I forgot to switch back after the update completed).

As a result of this, I decided to do my audit of the FFI code, which I had been meaning to do for a while (since at Mozilla, this kind of FFI code was my responsibility, so I know some non-obvious pitfalls to watch out for, and the solutions to them).

Fixes #1562, as well as the fact that we unwind from extern "C" fns, which is UB (fixing this robustly is a bit tricky, but not too bad — doing this correctly is a bit involved, but the implementation here should be robust.

I also cleaned up a use of #[cfg(feature = "bls")] when there's no bls feature, which is not that important, but caused a false positive error in my editor.

• All commits in this Pull Request are signed.
• All commits in this Pull Request follow the Ockam commit message convention.
• I accept the Ockam Community Code of Conduct.
• I have accepted the Ockam Contributor Licence Agreement by adding my Git/Github details in a row at the end of the CONTRIBUTORS.csv file in a separate pull request to the ockam-network/contributors repository.

[thomcc]

AssertUnwindSafe here doesn't really matter — UnwindSafe is dubious at best, is unrelated to safety, and we aren't in a position to properly represent it anyway (as propagating the unwinding would be UB).

[thomcc]

In principal, this eprintln! could panic (if stderr is closed, for example), but this Drop can only be called in response to a panic, and Rust calls core::intrinsics::abort if it runs a Drop that panics while it's already panicking.

That is to say, we could implement this Drop as panic!("Panic from error drop, aborting!"), but this has notably better user experience, as core::intrinsics::abort is a SIGILL (on x86), not a SIGABRT.

[jdspdx]

Merged as #2138 - thanks!