
s2n_stuffer should support read only semantics #4936

Open
@jmayclin

Description

Problem:

The C API often takes mutable pointers when the API is logically const.

This results in a large number of unsafe casts in the Rust bindings. There are limited mechanisms to enforce that

  1. the statements were correct when the code was written
  2. the statements will remain correct as the code evolves.

This has already been discussed in #4140.

Part of resolving this will require s2n_stuffers to support read-only behaviors.

struct s2n_stuffer* s = s2n_stuffer_from_ro_data(const uint8_t* data);

We already have methods for this purpose, but they serve more as documentation than enforcement.

int S2N_RESULT_MUST_USE s2n_stuffer_alloc_ro_from_string(struct s2n_stuffer *stuffer, const char *str);
int S2N_RESULT_MUST_USE s2n_stuffer_init_ro_from_string(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t length);

Solution:

Any improvement is good. A solution does not have to be perfect to provide us with utility.

Correspondingly, s2n-tls should add runtime checks to the s2n_stuffer.

A bitflag writeable would be added to s2n_stuffer.

All methods that write to the data inside the stuffer would include a new check

RESULT_PRECONDITION(s2n_stuffer_is_writeable(s));

Standard stuffer initialization methods would set writeable to true. s2n_stuffer_init_ro_from_string would not set the writeable bit. This would make storing const data in s2n_stuffers much safer.
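The following is an added illustration of the proposal above, not s2n-tls code: a simplified stand-in for s2n_stuffer carrying a writeable bit, a read-only initializer that leaves the bit clear, and a write path gated by a precondition on that bit. Names (ro_stuffer, stuffer_init, stuffer_init_ro, stuffer_write_bytes, PRECONDITION) are hypothetical stand-ins for the real s2n_stuffer API and RESULT_PRECONDITION macro, and the sample buffer contents are constructed. The point it demonstrates is that the one const-discarding cast moves into a single audited place (the read-only initializer) and every later write is rejected at runtime instead of silently scribbling on const memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUFFER_OK 0
#define STUFFER_FAIL -1

/* Hypothetical stand-in for RESULT_PRECONDITION: fail the call when cond is false. */
#define PRECONDITION(cond) do { if (!(cond)) return STUFFER_FAIL; } while (0)

/* Simplified stand-in for struct s2n_stuffer (hypothetical field layout). */
struct ro_stuffer {
    uint8_t *data;            /* backing buffer */
    uint32_t size;            /* capacity of data */
    uint32_t write_cursor;    /* bytes written so far (all of them for ro data) */
    uint32_t read_cursor;     /* bytes consumed so far */
    unsigned int writeable : 1; /* the proposed bitflag */
};

/* Equivalent of the proposed s2n_stuffer_is_writeable(s) check. */
bool stuffer_is_writeable(const struct ro_stuffer *s) {
    return s != NULL && s->writeable;
}

/* Standard initialization: data is mutable, so the writeable bit is set. */
int stuffer_init(struct ro_stuffer *s, uint8_t *data, uint32_t size) {
    PRECONDITION(s != NULL);
    PRECONDITION(data != NULL || size == 0);
    memset(s, 0, sizeof(*s));
    s->data = data;
    s->size = size;
    s->writeable = 1;
    return STUFFER_OK;
}

/* Read-only initialization: the only place the const qualifier is discarded.
 * The writeable bit stays clear, so every write path below refuses to touch data. */
int stuffer_init_ro(struct ro_stuffer *s, const uint8_t *data, uint32_t size) {
    PRECONDITION(s != NULL);
    PRECONDITION(data != NULL || size == 0);
    memset(s, 0, sizeof(*s));
    s->data = (uint8_t *)data;   /* single audited cast; guarded by writeable == 0 */
    s->size = size;
    s->write_cursor = size;      /* ro data is already "written" and fully readable */
    s->writeable = 0;
    return STUFFER_OK;
}

/* Any method that writes into data gains the new precondition. */
int stuffer_write_bytes(struct ro_stuffer *s, const uint8_t *in, uint32_t n) {
    PRECONDITION(s != NULL);
    PRECONDITION(stuffer_is_writeable(s));          /* the proposed check */
    PRECONDITION(n <= s->size - s->write_cursor);   /* existing bounds check */
    memcpy(s->data + s->write_cursor, in, n);
    s->write_cursor += n;
    return STUFFER_OK;
}

/* Reads do not need the flag; they work on both kinds of stuffer. */
int stuffer_read_bytes(struct ro_stuffer *s, uint8_t *out, uint32_t n) {
    PRECONDITION(s != NULL);
    PRECONDITION(n <= s->write_cursor - s->read_cursor);
    memcpy(out, s->data + s->read_cursor, n);
    s->read_cursor += n;
    return STUFFER_OK;
}

/* Exercises both paths; returns 1 when the flag behaves as the proposal describes. */
int demo_ro_semantics(void) {
    static const uint8_t ro_src[] = "hello";   /* constructed const sample data */
    uint8_t rw_buf[8] = {0};
    uint8_t out[8] = {0};
    struct ro_stuffer ro, rw;

    if (stuffer_init_ro(&ro, ro_src, 5) != STUFFER_OK) return 0;
    if (stuffer_init(&rw, rw_buf, sizeof(rw_buf)) != STUFFER_OK) return 0;

    /* A write through the read-only stuffer fails the precondition. */
    if (stuffer_write_bytes(&ro, (const uint8_t *)"x", 1) != STUFFER_FAIL) return 0;
    /* Reads from the read-only stuffer still succeed. */
    if (stuffer_read_bytes(&ro, out, 5) != STUFFER_OK || memcmp(out, "hello", 5) != 0) return 0;
    /* A normally initialized stuffer accepts writes and reads them back. */
    if (stuffer_write_bytes(&rw, (const uint8_t *)"abc", 3) != STUFFER_OK) return 0;
    if (stuffer_read_bytes(&rw, out, 3) != STUFFER_OK || memcmp(out, "abc", 3) != 0) return 0;
    /* The existing capacity check still rejects oversized writes (5 bytes left). */
    if (stuffer_write_bytes(&rw, (const uint8_t *)"toolong", 6) != STUFFER_FAIL) return 0;
    return 1;
}

int main(void) {
    printf("read-only semantics enforced: %s\n", demo_ro_semantics() ? "yes" : "no");
    return 0;
}
```

Because the flag is checked at runtime rather than by the type system, a C caller that bypasses the API and writes through s->data directly is still not caught; the check covers the stuffer methods themselves, which is what the Rust bindings wrap and what the proposal aims to make safe.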
