[Swift language features] Improve MarshalToSwift to track size of buffer in parameter
#2974
Labels
area-SwiftBindings
Swift bindings for .NET
from: #2964 (comment)
MarshalToSwift is prone to buffer overrun issues. It's a virtual call, so the caller technically doesn't know what the callee will be precisely. But at the same time, the caller MUST know the size of the buffer to allocate for swiftDest. What is the scenario where we have a preexisting buffer and need to marshal to it? So far the callers I've seen all need to allocate before calling this method. And they have to get the size right, otherwise we'll get buffer overruns at runtime.
I think the minimum should be that we don't pass a raw pointer, but some representation of pointer + size. Or better yet, this method would be responsible for allocating the buffer and returning it.
I also find it weird that the method takes a destination buffer, but it may choose to return another buffer. What is the memory ownership? We should at least precisely document this in comments, but ideally redesign the API to make it "secure by default".
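The "pointer + size" option raised in the issue, sketched as an added example that is not code from the Swift bindings project. The interface ISizedSwiftMarshal, its SwiftSize property and the Point type are hypothetical names chosen for illustration; the project's actual MarshalToSwift signature is not shown on this page.

```csharp
using System;
using System.Buffers.Binary;

// Hypothetical interface: the destination carries its length, and the callee
// reports the size it needs, so the caller of a virtual call never guesses.
interface ISizedSwiftMarshal
{
    int SwiftSize { get; }                      // bytes the Swift-side value occupies
    void MarshalToSwift(Span<byte> swiftDest);  // writes exactly SwiftSize bytes
}

// Constructed sample type: two 64-bit fields, 16 bytes in the destination.
sealed class Point : ISizedSwiftMarshal
{
    public long X, Y;
    public int SwiftSize => 2 * sizeof(long);

    public void MarshalToSwift(Span<byte> swiftDest)
    {
        // Check up front so a short buffer is rejected before any byte is written.
        if (swiftDest.Length < SwiftSize)
            throw new ArgumentException(
                $"need {SwiftSize} bytes, got {swiftDest.Length}", nameof(swiftDest));

        BinaryPrimitives.WriteInt64LittleEndian(swiftDest, X);
        BinaryPrimitives.WriteInt64LittleEndian(swiftDest.Slice(sizeof(long)), Y);
    }
}

static class Demo
{
    static void Main()
    {
        ISizedSwiftMarshal p = new Point { X = 1, Y = 2 };

        // Buffer sized from the callee's own report.
        byte[] dest = new byte[p.SwiftSize];
        p.MarshalToSwift(dest);
        Console.WriteLine(BitConverter.ToString(dest));

        // A caller that guessed 8 bytes gets an exception instead of an overrun.
        try { p.MarshalToSwift(new byte[8]); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

With a span-typed destination the method has no return value, so the question of which buffer the caller owns afterwards does not arise: the caller owns the one it passed in.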