Patch upstream crates, where possible, to support Zeroize.

Thanks to #254 (closed), we will soon have a standard for what we would like to zeroize.

But these crates lack support for the Zeroize trait:

We generally want to Zeroize our hashes when we're using them for kdf purposes, and not otherwise. But unfortuately we have a big pile of kdfs, and so support for each of these would be lovely.

I have not audited these crates:

openssl
native-tls
ring
rustls

This will be a large amount of work that we can do whenever. Perhaps others will beat us to it.