Manage data safely within the client

[ionut-arm]

Some of the data handles by the client could be seen as sensitive and in need of memory scrubbing once they are dropped (or just enhanced protection for reading/revealing).

One example would be the authentication values passed within requests.

Some other bits of data coming from a user might be equally sensitive, but it's debateable:

• hashes given for signing
• signatures returned

[hug-dev]

I agree! We need to classify which inputs are confidential (all of them by default?), document it and clear memory after use, very similarly to parallaxsecond/parsec#122

Would be nice to find a solution that is applicable to all structures we think need scrubbing.

[ionut-arm]

I've been looking at secrecy and zeroize and I think they're both very useful but for different use cases.

We can use secrecy for things that are strictly secret, like the app authentication values (this probably applies more to the interface crate, at the moment). The direct authentication string is probably not secret - but maybe we should mark it as such anyway?

I'm not sure if all inputs are confidential - e.g. key attributes or names? We could make them all clean up afterwards (probably not a high cost). For some of them we need to implement our own wrappers just to impose stricter type controls (e.g. a type for signatures).

[hug-dev]

Some types of the interface are already under Zeroize or Secret, this is to check the client's types.

[hug-dev]

This was dealt with #32