bitref: bit-level reference types

Adds a crate providing a `&BitSlice`/`&mut BitSlice` type which is
constructable from `&[u8]` but provides slicing at the granularity of
individual bits. The name of the crate is a play on `bitvec`, which
provides a similar type. However, the implementation in this crate is
significantly simpler with a much smaller code surface and minimal use
of `unsafe` code.

The implementation is a generalization of RustCrypto/formats#2300 which
sought to implement a similar data structure as a reference type for
representing ASN.1 BIT STRINGs. However, using this approach was
deferred because the implementation relies on a conversion which is
sound under Tree Borrows (as verified by Miri) but unsound under Stacked
Borrows as it loses provenance. See rust-lang/unsafe-code-guidelines#134

There are several places such a data structure is potentially useful for
RustCrypto projects. Beyond the previously mentioned ASN.1 BIT STRING
use case, being able to iterate over bits is useful in many numerical
algorithms with applications in cryptography, notably in `crypto-bigint`
and for elliptic curves.

Elliptic curve scalar multiplication is generally implemented as a loop
over the bits of a scalar. Having an iterator type for this purpose
avoids problems relating to the endianness of how scalars are serialized
when implementing generic scalar multiplication algorithms, e.g. wNAF
(see RustCrypto/group#12).

Given the current open soundness story, I'm not rushing to use this in
`crypto-bigint` until that changes. Where we could use it today though
is as an optional dependency to `der`, where it can act as an ASN.1
BIT STRING type, but implement `ToOwned` producing a
`der::asn1::BitString` (which, to make `ToOwned` work, needs to impl
`Borrow<BitSlice>`).

This would make it optionally possible to use `Cow` for copy-on-write
BIT STRINGs today with `BitSlice` as the borrowed form, but leaving the
preferred default data structure for that purpose as
`der::asn1::BitStringRef`, which is a lifetime-parameterized struct
that avoids the open soundness questions around `BitSlice`.

From there we can see what develops around the soundness story and SB/TB
discrepancy, and beyond that new Rust features like custom DSTs which
may make expressing structures like this less of a hack.

Author: tarcieri

.github/workflows/bitref.yml

@@ -0,0 +1,135 @@
+name: bitref
+
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/bitref.yml"
+      - "bitref/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    working-directory: bitref
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+# Cancels CI jobs when new commits are pushed to a PR branch
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  build-no-std:
+    strategy:
+      matrix:
+        target:
+          - riscv32i-unknown-none-elf
+          - thumbv7em-none-eabi
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: stable
+          targets: ${{ matrix.target }}
+      - uses: RustCrypto/actions/cargo-hack-install@master
+      - run: cargo build --target ${{ matrix.target }}
+
+  minimal-versions:
+    uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
+    with:
+      working-directory: ${{ github.workflow }}
+
+  test:
+    strategy:
+      matrix:
+        include:
+          - rust: 1.85.0 # MSRV
+          - rust: stable
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/checkout@v6
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+      - run: cargo test
+
+  # Test using `cargo careful`
+  test-careful:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@nightly
+      - run: cargo install cargo-careful
+      - run: cargo careful test
+
+  # Cross-compiled tests
+  test-cross:
+    strategy:
+      matrix:
+        include:
+          # ARM32
+          - target: armv7-unknown-linux-gnueabi
+            rust: 1.85.0 # MSRV
+          - target: armv7-unknown-linux-gnueabi
+            rust: stable # MSRV
+          # PPC32
+          - target: powerpc-unknown-linux-gnu
+            rust: 1.85.0 # MSRV
+          - target: powerpc-unknown-linux-gnu
+            rust: stable
+          # RISCV64
+          - target: riscv64gc-unknown-linux-gnu
+            rust: stable
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: RustCrypto/actions/cargo-cache@master
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+          targets: ${{ matrix.target }}
+      - uses: RustCrypto/actions/cross-install@master
+      - run: cross test --target ${{ matrix.target }}
+
+  # Test using `cargo miri`
+  test-miri:
+    runs-on: ubuntu-latest
+    env:
+      MIRIFLAGS: "-Zmiri-tree-borrows -Zmiri-strict-provenance -Zmiri-symbolic-alignment-check -Zmiri-backtrace=full"
+    strategy:
+      matrix:
+        target:
+          - armv7-unknown-linux-gnueabi
+          - powerpc-unknown-linux-gnu
+          - riscv64gc-unknown-linux-gnu
+          - s390x-unknown-linux-gnu
+          - x86_64-unknown-linux-gnu
+    steps:
+      - uses: actions/checkout@v6
+      - uses: dtolnay/rust-toolchain@nightly
+      - run: rustup component add miri && cargo miri setup
+      - run: cargo miri test --target ${{ matrix.target }}
+
+  # Test WASM using `wasmtime`
+  test-wasm:
+    runs-on: ubuntu-latest
+    env:
+      CARGO_TARGET_WASM32_WASIP1_RUNNER: "wasmtime"
+    steps:
+      - uses: actions/checkout@v6
+      - uses: bytecodealliance/actions/wasmtime/setup@v1
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: stable
+          targets: wasm32-wasip1
+      - run: cargo test --target wasm32-wasip1