onionmasq-apple: add Apple platforms implementation (squashed)

• This commit contains all of tla's work in !117 (closed), rebased onto latest main, tidied up and improved a bit.
  • (Note that this commit message was written by eta after squashing everything into 1 commit, as the original development used like 20.)
• The new onionmasq-apple crate is mostly a clone of onionmasq-mobile, but with all the JNI interop stripped out and replaced with a C API.
  • We also have some code that tla wrote to interface with an Apple NEPacketTunnelFlow using a pair of C callbacks and a custom async device passed to onion-tunnel.
  • This stores a buffer and a waker on the Rust side and uses that to handle calling the reader function asynchronously.
• Unlike with the Android port, the onionmasq-apple crate is not self-contained -- it's currently designed to be used within Tor.framework 1.
  • It'd be nice to change this, but it's probably tricky to do so.
  • One thing we will want to change is probably the new Makefile and such that's hackily situated in the project root, which might mislead people somewhat.
• Apple doesn't require protect() nor provide the ability to do isolate(), so these features are unimplemented in onionmasq-apple.
• The duplication between the two mobile crates might want to be cleaned up in a future commit -- in particular, since both use the same JSON/event framing for communicating changes to the embedding app, we might want to just make that a part of onion-tunnel directly.
• Changes to the rest of the project include getting rid of the unnecessary phy-raw_socket smoltcp feature, and building lzma statically to avoid it having to be compiled in Xcode.

cc @tla -- please take a look at the amended commit message and the changes (you can see an unsquashed copy of the stuff I've added here) and let me know whether you're happy with everything!