The fact that Wasmtime executes correctly under Tree Borrows but not
Stacked Borrows is a bit suspect and given what I've since learned about
the aliasing models I wanted to give it a stab to get things working
with Stacked Borrows. It turns out that this wasn't all that difficult,
but required two underlying changes:

* First the implementation of `Instance::vmctx` is now specially crafted
  in an intentional way to preserve the provenance of the returned
  pointer. This way all `&Instance` pointers will return a `VMContext`
  pointer with the same provenance and acquiring the pointer won't
  accidentally invalidate all prior pointers.

* Second the conversion from `VMContext` to `Instance` has been updated
  to work with provenance and such. Previously the conversion looked
  like `&mut VMContext -> &mut Instance`, but I think this didn't play
  well with MIRI because `&mut VMContext` has no provenance over any
  data since it's zero-sized. Instead now the conversion is from `*mut
  VMContext` to `&mut Instance` where we know that `*mut VMContext` has
  provenance over the entire instance allocation. This shuffled a fair
  bit around to handle the new closure-based API to prevent escaping
  pointers, but otherwise no major change other than the structure and
  the types in play.

This commit additionally picks up a dependency on the `sptr` crate which
is a crate for prototyping strict-provenance APIs in Rust. This is I
believe intended to be upstreamed into Rust one day (it's in the
standard library as a Nightly-only API right now) but in the meantime
this is a stable alternative.

This commit adds a new wrapper type `SendSyncPtr<T>` which automatically
impls the `Send` and `Sync` traits based on the `T` type contained.
Otherwise it works similarly to `NonNull<T>`. This helps clean up a
number of manual annotations of `unsafe impl {Send,Sync} for ...`
throughout the runtime.

In an effort to enable MIRI's "strict provenance" mode this commit
removes the integer-to-pointer casts in the runtime `Table`
implementation for Wasmtime. Most of the bits were already there to
track all this, so this commit plumbed around the various pointer types
and with the help of the `sptr` crate preserves the provenance of all
related pointers.

The `MemoryImageSlot` type stored a `base: usize` field mostly because I
was too lazy to have a `Send`/`Sync` type as a pointer, so this commit
updates it to use `SendSyncPtr<u8>` and then plumbs the pointer-ness
throughout the implementation. This removes all integer-to-pointer casts
and has pointers stores as actual pointers when they're at rest.

This commit changes the "raw" representation of `Func` and `ExternRef`
to a `*mut c_void` instead of the previous `usize`. This is done to
satisfy MIRI's requirements with strict provenance, properly marking the
intermediate value as a pointer rather than round-tripping through
integers.

Additionally enable the strict-provenance features to force warnings
emitted today to become errors.