make defense-in-depth memsets work in spite of compilers

In many places in our code, we memset things to zero before leaving a function or freeing memory, in an attempt to limit the damage that could be done by a postfacto information leak. But it appears that compilers like to "helpfully" optimize these out.

I've verified that the Llvm-gcc from the latest OSX does this; I haven't yet had time to check vanilla gccs yet.

Obviously, we should fix this. It is not a vulnerability per se, but if there are information leaks from memory, it could make their impact worse than they would be otherwise. It seems like an 024 issue but I could be persuaded otherwise.

Andrey Karpov pointed this out in a recent article, but I can't realistically copy links on this phone.

Next steps: look at actual compiler output from more compilers; identify portable or platform-specific memset replacements that won't get optimized out