
create_extern_c_wrapper should probably define an unsafe function #5


adamreichold opened this issue Nov 16, 2019 · 0 comments

create_extern_c_wrapper currently defines a safe function via a C-compatible ABI and uses unsafe blocks to transform raw pointers into slices. An unsafe block is basically an assertion to the compiler that the author is able to check the relevant preconditions for the unsafe operations to be correct. However, a raw pointer can never be verified without additional information, e.g. even if it is non-null and the alignment is valid, it could still be dangling or pointing into a completely different allocation.

This suggests that it is the responsibility of the calling (C++) code to ensure that the pointers are valid as the Rust code has no ability to check the pointers and hence justify the unsafe blocks. This would be expressed by marking the whole function unsafe which is fitting as the calling C++ is considered "unsafe" by definition.
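The two shapes the issue contrasts, as an added example that is not the project's own code: `sum_slice` and its two wrappers are hypothetical stand-ins for whatever create_extern_c_wrapper actually generates, and the null check in the first wrapper is an assumption about what such a wrapper might do.

```rust
// Added example (not the project's code): a sketch of the wrapper pattern the issue
// describes. `sum_slice` stands in for the Rust function a C-compatible wrapper exposes.
use std::slice;

/// The Rust function being wrapped; it only ever sees a safe slice.
pub fn sum_slice(values: &[i32]) -> i64 {
    values.iter().map(|&v| v as i64).sum()
}

/// The shape the issue objects to: a *safe* extern "C" wrapper that builds a slice
/// from a raw pointer inside an `unsafe` block. Nothing here can verify that `ptr`
/// points to `len` readable i32s, so the block's precondition is really discharged
/// by the C++ caller, not by this code; the safe signature hides that contract.
pub extern "C" fn sum_slice_c_unsound(ptr: *const i32, len: usize) -> i64 {
    // A null check (assumed here) is the most this code can do; a dangling pointer
    // or one into an unrelated allocation is indistinguishable from a valid one.
    if ptr.is_null() {
        return 0;
    }
    let values = unsafe { slice::from_raw_parts(ptr, len) };
    sum_slice(values)
}

/// The suggested shape: the whole function is `unsafe`, which puts the proof
/// obligation on the caller and documents it. Rust callers must write
/// `unsafe { ... }` to call it; a C++ caller is unsafe by definition anyway.
///
/// # Safety
/// `ptr` must be non-null, aligned, and valid for reads of `len` consecutive `i32`
/// values that stay alive and unmodified for the duration of the call.
pub unsafe extern "C" fn sum_slice_c(ptr: *const i32, len: usize) -> i64 {
    // Same operation, but now the caller has asserted the precondition.
    let values = unsafe { slice::from_raw_parts(ptr, len) };
    sum_slice(values)
}

fn main() {
    let data = [1, 2, 3, 4]; // constructed sample input
    // The unsafe signature forces the call site to acknowledge the contract.
    let total = unsafe { sum_slice_c(data.as_ptr(), data.len()) };
    println!("sum = {}", total);
}
```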
