@nventuro posted in slack about how the fairies have been just wrapping unsafe blocks around unconstrained function calls without explaining why it's safe:
tldr: whenever we use unsafe there should be a comment explaining why what's being done is ok
either:
a) we wrap the unsafe function in a safe function because we apply proper constraints (e.g. see the historical state reads)
b) we explain why unconstrained usage is ok in this specific context (e.g. because we trust the sender already with our privacy, and so we trust them to choose good randomness)
c) we don't use an unsafe block and leave the warning as a reminder that at some point in the future we need to revisit this and apply either a) or b)
snippets like the above can be forgotten about, and the reader is clueless as to why unconstrained values are suddenly injected, and if/why that's ok
We should add a warning to encourage users to explain why their usage of unsafe blocks is safe rather than just wrapping the call in unsafe just to silence the other warning:
See rust-lang/rust-clippy#9330
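An added Noir example of option (a), not code from the issue or from Noir itself (all function names are hypothetical): an unconstrained division helper is wrapped in a safe function that fully constrains its result, and a comment on the unsafe block records why that is sound.

```noir
// Unconstrained helper: runs out of circuit, so its result is only an
// untrusted hint that the prover could replace with anything.
unconstrained fn div_rem_hint(a: u64, b: u64) -> (u64, u64) {
    (a / b, a % b)
}

// Safe wrapper: the hint is fully constrained here, so callers never
// need an unsafe block of their own.
fn div_rem(a: u64, b: u64) -> (u64, u64) {
    assert(b != 0);
    // Safety: (q, r) is pinned down by the checks below. r < b together
    // with a == q * b + r has exactly one solution, and u64 arithmetic
    // is overflow-checked, so a prover who tampers with the hint cannot
    // satisfy the circuit.
    let (q, r) = unsafe { div_rem_hint(a, b) };
    assert(r < b);
    assert(q * b + r == a);
    (q, r)
}

#[test]
fn test_div_rem() {
    let (q, r) = div_rem(17, 5);
    assert(q == 3);
    assert(r == 2);
}
```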