feat: Readonly span support (#252)

# Changes

## Spans buffers and spans

Adds new methods that allow passing in a buffer 

```
CreatePasswordHash(ReadOnlySpan<char> inputKey, ReadOnlySpan<char> salt,
        Span<char> outputBuffer, out int outputBufferWritten,
        HashType hashType = HashType.None,
        EnhancedHashDelegate enhancedHashKeyGen = null)
```

Adds in buffer zeroing when no longer needed to reduce time in memory.

Changed targeting and csproj defined constants to ensure net8 still
gains the available support for span that came with the memory package
and netstandard support. This could potentially start at 4.7.2 but the
netstandard integration was iffy.

## Validate input length (Breaking)

If the usage doesn't make use of the enhanced hash generation to retain
entropy (aka the standard use) the library will throw when the input to
hash length is greater than 72 bytes.
This isn't standard behaviour in most bcrypt libraries where truncating
silently is the default.
But I believe this is necessary, should always have been in place, and
will force developers to decide deliberately to truncate input at 72 if
they wish to retain existing behaviour.

## Enhanced Hashing V3

* Split 'enhanced' versions into separate classes
* Swap func for delegate
* Add span based calls

Along with switching the func to a bog standard delegate, splitting the
enhanced versions into separate classes simplified maintaining the
previous versions and adding in the new version.
The v3 enhanced hash adds in keyed HMAC which apart from protecting
against theorical risks of shucking adds a further uniqueness to the
produced key material.

## Experimental SafeString support

Hate SafeString, it's filled with lies and was really only a useful
feature in Windows. In an API it should never be touched but there are
some cases in Windows apps where people still require it to tick a box
so I've added a sort of basic implementation
This code requires unsafe enabled so will probably be disabled
initially.

## SecureEquals check

This basically needed to be made for the span handling but also allowed
a few minor optimizations which mimic the code in the .net codebase.

## Net 10

We basically try to tag against the lts releases; the code may be
updated to target sts between releases to assertain if there is any
performance improvement worth having but otherwise its lts.

## Examples

The api uses the identity extension to enable bcrypt passwords; chucked
in a maui to test performance on android as we've been asked before by
people doing the hashing at the device level

## Release Benchmarks

Separate project that tests previous nuget package versions; its mostly
as a simple way to test for regressions in performance while the other
benchmark project is for testing components in a more targeted way.


Resolves #211

Author: ChrisMcKee

.codacy.yml

@@ -0,0 +1,10 @@
+exclude_paths:
+  - ".github/**"
+  - ".config/**"
+  - "coverage/**"
+  - "vendor/**"
+  - "docs/**"
+  - "examples/**"
+  - "assets/**"
+  - "tests/**"
+  - "benchmarks/**"

.config/dotnet-tools.json

@@ -0,0 +1,27 @@
+{
+  "version": 1,
+  "isRoot": true,
+  "tools": {
+    "dotnet-coverage": {
+      "version": "18.1.0",
+      "commands": [
+        "dotnet-coverage"
+      ],
+      "rollForward": false
+    },
+    "dotnet-stryker": {
+      "version": "4.12.0",
+      "commands": [
+        "dotnet-stryker"
+      ],
+      "rollForward": false
+    },
+    "docfx": {
+      "version": "2.78.4",
+      "commands": [
+        "docfx"
+      ],
+      "rollForward": false
+    }
+  }
+}

.editorconfig

@@ -79,5 +79,4 @@ csharp_new_line_before_finally = true
 csharp_new_line_before_members_in_object_initializers = true
 csharp_new_line_before_members_in_anonymous_types = true
 
-
-file_header_template = /*\nThe MIT License (MIT)\nCopyright (c) 2006 Damien Miller djm@mindrot.org (jBCrypt)\nCopyright (c) 2013 Ryan D. Emerle (.Net port)\nCopyright (c) 2016/2025 Chris McKee (.Net-core port / patches / new features)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files\n(the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify,\nmerge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished\nto do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\nIN THE SOFTWARE.\n*/
+file_header_template = /*\nThe MIT License (MIT)\nCopyright (c) 2006 Damien Miller djm@mindrot.org (jBCrypt)\nCopyright (c) 2013 Ryan D. Emerle (.Net port)\nCopyright (c) 2016 Chris McKee (.Net-core port / patches / new features)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files\n(the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify,\nmerge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished\nto do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\nIN THE SOFTWARE.\n*/

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @chrismckee

.github/codeql/codeql-config.yml

@@ -0,0 +1,5 @@
+paths:
+ - 'src'
+paths-ignore:
+ - '**/examples/**'
+ - '**/benchmarks/**'

.github/dependabot.yml

@@ -9,12 +9,8 @@ updates:
         update-types: ["version-update:semver-major"]
       - dependency-name: "System.Runtime.Caching"
         update-types: ["version-update:semver-major"]
-    reviewers:
-      - "chrismckee"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
-    reviewers:
-      - "chrismckee"

.github/workflows/ci-build-pr.yml

@@ -0,0 +1,106 @@
+name: CI PR Build
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'main'
+    paths-ignore:
+      - 'docs/**'
+      - '.github/**'
+  pull_request:
+    branches:
+      - 'main'
+    paths-ignore:
+      - 'docs/**'
+      - '.github/**'
+
+
+permissions:
+  contents: read
+  issues: read
+  pull-requests: write
+  checks: write
+
+env:
+  DOTNET_NOLOGO: true
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: false
+  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
+
+jobs:
+  build:
+    name: Build and Test
+    runs-on: ubuntu-24.04
+    steps:
+    - name: 'Harden Runner'
+      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+      with:
+        egress-policy: audit
+
+    - name: 'Checkout'
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      with:
+        fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
+ 
+    - name: 'Setup .NET SDK'
+      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      with:
+        dotnet-version: 10.x
+
+    - name: 'Restore external dependencies'
+      run: dotnet restore
+
+    - name: 'Build'
+      id: build
+      run: dotnet build --configuration Debug --no-restore
+
+    - name: 'Test'
+      id: test
+      run: dotnet run --configuration Release --coverage --coverage-output-format cobertura --report-github --project tests/UnitTests/BCrypt.Net.UnitTests.csproj
+
+    - name: 'Generate Coverage Reports'
+      uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b # v5.4.12
+      with:
+        reports: "tests/**/*.cobertura.xml"
+        targetdir: "${{ github.workspace }}"
+        reporttypes: "Cobertura" 
+        verbosity: "Info" 
+        title: "Code Coverage" 
+        tag: "${{ github.run_number }}_${{ github.run_id }}"
+        toolpath: "reportgeneratortool"
+        license: ${{ secrets.REPORT_GENERATOR_LICENSE }}
+
+    - name: Publish Code Coverage Report
+      uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0
+      with:
+        filename: "Cobertura.xml"
+        badge: true
+        fail_below_min: false # just informative for now
+        format: markdown
+        hide_branch_rate: false
+        hide_complexity: false
+        indicators: true
+        output: both
+        thresholds: "10 30"
+
+    - name: Upload Code Coverage Results
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      with:
+        name: coverage-results
+        path: |
+          ${{ github.workspace }}/Cobertura.xml
+          ${{ github.workspace }}/code-coverage-results.md
+        retention-days: 5
+
+    - name: Publish Test Results
+      uses: EnricoMi/publish-unit-test-result-action@afb2984f4d89672b2f9d9c13ae23d53779671984 # v2.19.0
+      if: always()
+      with:
+        files: "tests/**/TestResults.xml"
+
+    - name: Upload Test Artifacts
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      with:
+        name: test-results
+        path: "tests/**/TestResults.xml"
+        retention-days: 5

.github/workflows/ci-build.yml

@@ -8,9 +8,7 @@ on:
     paths-ignore:
       - 'docs/**'
       - '.github/**'
-  pull_request:
-    branches:
-      - 'main'
+
 
 permissions:
   contents: read
@@ -29,19 +27,19 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
     - name: 'Harden Runner'
-      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+      uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
       with:
         egress-policy: audit
 
     - name: 'Checkout'
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       with:
         fetch-depth: 0 # avoid shallow clone so nbgv can do its work.
 
     - name: 'Setup .NET SDK'
-      uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
+      uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
       with:
-        dotnet-version: 9.0.x
+        dotnet-version: 10.0.x
 
     - name: 'Restore external dependencies'
       run: dotnet restore
@@ -56,14 +54,11 @@ jobs:
         name: build-artifacts
         path: |
           src/**/BCrypt.*.nupkg
-          src/**/BCrypt.*.dll
-          src/**/BCrypt.*.deps.json
-          src/**/BCrypt.*.xml
         retention-days: 5
 
     - name: 'Test'
       id: test
-      run: dotnet test --restore --collect:"XPlat Code Coverage" --logger junit --configuration Debug
+      run: dotnet run --configuration Release --coverage --coverage-output-format cobertura --report-github --project tests/UnitTests/BCrypt.Net.UnitTests.csproj
 
     - name: 'Create test summary'
       uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4
@@ -73,9 +68,9 @@ jobs:
       if: always()
 
     - name: 'Generate Coverage Reports'
-      uses: danielpalme/ReportGenerator-GitHub-Action@cc137d2b561c02b63ae869ffbe8f68af9d904bf4 # 5.4.6
+      uses: danielpalme/ReportGenerator-GitHub-Action@c4c5175a441c6603ec614f5084386dabe0e2295b # v5.4.12
       with:
-        reports: "tests/**/coverage.cobertura.xml"
+        reports: "tests/**/*.cobertura.xml"
         targetdir: "${{ github.workspace }}"
         reporttypes: "Cobertura" 
         verbosity: "Info"