Model shrinking and overwriting transmutes in `pointer::transmute`

[joshlf]

• TryTransmuteFromPtr only needs that the set of DV-valid referents of dst is a subset of the set of SV-valid referents of src. Note that this is slightly different than saying that the set of DV-valid values of Dst is a subset of the set of SV-valid values of Src. In particular:
  • The former statement takes into account that we only care about a particular size of Src and Dst – we don't need to reason about other sizes (other than the size of this particular referent)
  • The former statement is only useful when we're talking about size-preserving transmutes. If we're talking about size-shrinking, then this is insufficient.

Plan:

• Step 1: Nail down current semantics, which don't permit shrinking transmutes
  • Update TryTransmuteFromPtr with the requirement that "set of DV-valid referents of dst is a subset of the set of SV-valid referents of src"
  • Update the proof on the impl of TryTransmuteFromPtr which does permits reverse transmutation – update it so that it relies on SizeEq::CastFrom::project being size-preserving.
  • This is done: Clarify semantics of size-preserving transmutes #2911
• Step 2: Remove TryTransmuteFromPtr: SizeEq super-trait bound and permit any size-preserving transmute
  • This is done: [transmute] Remove SizeEq super-trait bound #2920
• Step 3: Permit shrinking transmutes
  • Allow SizeEq::CastFrom to perform shrinking transmutes
  • Update TryTransmuteFromPtr to handle both non-shrinking and shrinking transmutes (including the cases of immutable shrinking and mutable shrinking (which permits overwriting/tearing))
  • Update the proof on the impl of TryTransmuteFromPtr which does permit reverse transmutation – add a SizeEq::CastFrom: CastExact bound so that it does not support shrinking
  • The impl of TryTransmuteFromPtr which bans reverse transmutation (for shared Immutable pointers) now naturally supports shrinking
• Step 4: Support overwriting transmutes