Switch to a lightweight CStr wrapper

Rust's CStr is a fat pointer, whereas this CStr is a zero-cost wrapper over const char *, based on the invariant that all memory up to and including the NUL byte, must be valid.

LOTS of relibc functions that use error-prone unsafe, can most likely be rewritten to use this wrapper. For example, printf. Hopefully, being #[repr(transparent)], this type can be a direct replacement for const char * in Rust-defined functions, such as strlen, which in some cases eliminates the need for unsafe (they'll be safe to call from Rust, but not from C).

Also fixes getgrouplist, which was UB at three places, and removes the lazy_static and spin dependencies.