
@dhardy
Member

@dhardy dhardy commented Jan 29, 2026

  • Added a CHANGELOG.md entry

Motivation

Removes CryptoGenerator since rust-random/rand#1722 makes it useless.

Removes fn Generator::drop since it can be confusing.

Adds fn BlockRng::clear explicitly for use with zeroize, since it is clear we do need to care about that and an explicit method appears to be the best solution (without actually depending on the zeroize crate).

Soft-blocker: chacha20 will need a new zeroize release to use clear correctly.

@dhardy dhardy requested a review from newpavlov January 29, 2026 08:27
@dhardy
Member Author

dhardy commented Jan 29, 2026

@tarcieri this PR requires using code like the following to implement zeroization. Do you approve?

    block_rng.core.zeroize();
    block_rng.clear();
    zeroize::optimization_barrier(&block_rng)

@tarcieri
Contributor

Has anyone inspected the generated assembly to confirm zeroization is actually working correctly?

@dhardy
Member Author

dhardy commented Jan 29, 2026

I haven't.

If we don't get confirmation this works before Sunday, I guess I'll only remove CryptoGenerator and publish that. Or would you prefer to delay again? (I won't have any time on Saturday, should have some tomorrow.)

@tarcieri
Contributor

I would prefer to avoid delays if possible

@newpavlov
Member

@tarcieri
I demonstrated generated assembly for optimization_barrier using godbolt links in the zeroize PRs. Sure, I used [u8; N] instead of the BlockRng::clear method but it should make no difference.

@dhardy dhardy force-pushed the push-ytsnmttsyuqz branch from 5978a5e to d8d93fe Compare January 31, 2026 17:44
@dhardy dhardy requested a review from tarcieri January 31, 2026 17:44
@dhardy dhardy merged commit a20120c into master Jan 31, 2026
13 checks passed
@dhardy dhardy deleted the push-ytsnmttsyuqz branch January 31, 2026 17:47
@dhardy dhardy changed the title Remove CryptoGenerator and Generator::drop; add BlockRng::clear Remove CryptoGenerator Jan 31, 2026
@dhardy
Member Author

dhardy commented Feb 1, 2026

I opted to remove the commits replacing fn Generator::drop with BlockRng::clear since it is easier to prove that drop works as intended at the use-site, and the priority for now is to get out something reliably usable for v0.10. Possibly we should drop the block module altogether before 1.0.

    /// Clear the results buffer
    ///
    /// This overwrites all bits of the results buffer, and thus may be useful
    /// in conjunction with [`zeroize`](https://docs.rs/zeroize/).
    #[inline]
    pub fn clear(&mut self) {
        self.results = [W::default(); N];
        self.results[0] = W::from_usize(N);
    }
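
The wipe-then-barrier pattern discussed in this thread, as an added example that is not part of the PR or of the rand_core code: the hypothetical `ToyBlockRng`, `wipe` and `residue` are assumptions, and standard-library volatile stores plus a compiler fence stand in for the zeroize crate. Whether a real build keeps the stores still has to be confirmed in the generated assembly, as asked above.

```rust
use core::ptr;
use core::sync::atomic::{compiler_fence, Ordering};
const N: usize = 16; // constructed buffer size

/// Hypothetical stand-in for a block RNG: secret key state plus buffered output.
pub struct ToyBlockRng { key: [u32; 8], results: [u32; N] }

/// Zero every word with volatile stores, which the compiler must not drop as
/// dead stores, then fence so the compiler cannot reorder accesses across it.
pub fn wipe(words: &mut [u32]) {
    for w in words.iter_mut() {
        // SAFETY: `w` is a valid, aligned, exclusive reference.
        unsafe { ptr::write_volatile(w as *mut u32, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

impl ToyBlockRng {
    pub fn new(key: [u32; 8]) -> Self {
        let mut rng = ToyBlockRng { key, results: [0; N] };
        rng.clear();
        rng
    }
    /// Constructed "generation": key-derived filler words, not a real cipher.
    pub fn generate(&mut self) {
        for (i, r) in self.results.iter_mut().enumerate() {
            *r = self.key[i % 8].rotate_left(i as u32) ^ 0x9E37_79B9;
        }
    }
    /// Overwrite the whole buffer, then store N in word 0 as the thread's `clear` does.
    pub fn clear(&mut self) {
        wipe(&mut self.results);
        self.results[0] = N as u32;
    }
    /// Wipe the key as well as the buffered output.
    pub fn zeroize(&mut self) {
        wipe(&mut self.key);
        self.clear();
    }
    /// Count of secret-derived words still nonzero (key, and results past word 0).
    pub fn residue(&self) -> usize {
        self.key.iter().chain(self.results[1..].iter()).filter(|w| **w != 0).count()
    }
}

fn main() {
    let mut rng = ToyBlockRng::new([0xDEAD_BEEF; 8]);
    rng.generate();
    rng.zeroize();
    println!("nonzero secret words after zeroize: {}", rng.residue());
}
```

Clearing only the results buffer leaves the key in memory, which is why the snippet earlier in the thread zeroizes the core before calling `clear`.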
