Emit a warning around thin `&CStr` interior mutability breaks

[tgross35]

From @chorman0773 https://rust-lang.zulipchat.com/#narrow/stream/219381-t-libs/topic/CStr.20as.20thin.20pointer/near/405432566

Passing an &UnsafeCell<CStr> to size_of_val is currently sound because it just returns the length parameter of the fat pointer. After making CStr thin however, size_of_val will need to call strlen on the data. This is not ok in a &UnsafeCell because another context could be writing the data, e.g. temporarily overwriting the \0.

This seems like something we may be able to emit a warning for?

Thin cstr: #59905

@rustbot label +T-libs +T-compiler +A-diagnostics

[tgross35]

Quick search shows this is hopefully not very common https://github.com/search?q=language%3Arust+%2F%26.*UnsafeCell%3CCStr%3E%2F&type=code

[chorman0773]

Incidentally, I wonder if &UnsafeCell<ThinCStr> itself is sound. I wonder if T-opsem should weigh in on that question. A write could happen and change the size of the memory the reference refers to, and the tag won't be correctly sized - maybe it will be shorter than the memory the reference refers to.

&mut ThinCStr might also have similar issues.

[jmillikin]

Related: my RFC 3536 for !Sized thin pointers had to introduce a new ?Trait to prevent such types from being used with size_of_val(). In general the C concept of DSTs (pointer + computed value size) seems to be incompatible with the Rust semantics of T: ?Sized and size_of_val().