History log of /fuchsia/zircon/system/utest/zxcrypt/test-device.cpp
Revision Date Author Comments
# 6dedde71 01-May-2018 Sean Klein <smklein@google.com>

[block] Implement v2 of Block Protocol

- "Transactions" renamed to "Groups". The term
transaction remains, and is used to correspond to a
single FIFO request.
- "Groups" pre-allocated by block server.
Clients can use groups between [0, MAX_TXN_GROUP_COUNT)
without needing to allocate. Groups signify structures
that can wait to transmit responses for a collection of
transactions. These transactions may be requested via
"BLOCKIO_TXN_GROUP"; the block-client library does this
automatically.
- "One-shot" transactions, which are not associated with
a group, are also implemented. All "one-shot" transactions
receive a FIFO response.

ZX-1584 #done
ZX-1580 #comment In Progress

TEST=ramdisk, fvm, zxcrypt, block, fs tests, running iochk manually

Change-Id: I7caf342804baf32543adfef3fec76f7d77d89b3f


# 29fb0bfa 05-Jul-2018 Benjamin Lerman <qsr@chromium.org>

[zx] Add new API for zx::time

This also changes zx::clock to be a class instead of a namespace, because
nested namespaces are banned.

TEST=Everything still compiles, tests still pass.

Change-Id: I954558aaaed554fe088c11ff7bbc7d914eebdf6f


# 2d54b055 04-Jul-2018 Benjamin Lerman <qsr@chromium.org>

[zx] Prepare to use typed clock for zx::time

This CL introduces zx::base_time, zx::time_utc and zx::time_thread as
aliases to zx::time.

It also introduces a new templated factory method to produce
zx::base_time.

This is in preparation for the time type to be different depending on
the clock used. After this CL, clients will be able to use both the
current API, as well as the typed API. When all clients have migrated to
the new API, the old API will be removed and the time types will be
enforced.

TEST=Everything still compiles

ZX-2338

Change-Id: I3b6f4eced5df23b8dc4b1310bd8d0a89291b07a8


# 049ff83d 15-May-2018 Tricia Landers <planders@google.com>

[ramdisk] Fail after block count instead of transaction count.

Test: Ramdisk and zxcrypt tests

Change-Id: Idf80102b6c04dd8c468f347607502672df0b91db


# f177f3e0 16-Jun-2018 Sean Klein <smklein@google.com>

[fvm][zxcrypt] Refactor libraries to avoid fdio dependency

ZX-2266 #done

Test: Refactor; relying on extant library/driver tests.

Change-Id: Ia54acac0fb8056c91b26c097a8efae22dd0c5b3a


# 5385b50e 25-May-2018 Aaron Green <aarongreen@google.com>

[crypto] Split Bytes class

This CL breaks out the Secret class from the Bytes class. A number of
paranoid but expensive functions are only needed for security sensitive
secrets, e.g. mandatory_memset in the destructor of keys. This split
allows only the data that needs the paranoia to pay for it.

Change-Id: Ib3fdc23ef7c0f86a6549c639353ac72bb35ebedf


# 379f22fa 06-Jun-2018 Adam Barth <abarth@google.com>

[fdio] Move headers into lib/fdio/...

Change-Id: Ie8d74e716da913bf6e2672c4acf8cd67b4962b7f


# 01dd8550 21-Mar-2018 Aaron Green <aarongreen@google.com>

[devmgr][fs-management][zxcrypt] Add zxcrypt detection

This CL adds zxcrypt volume detection and auto-binding. Long term,
this will only work for zxcrypt volumes using unattended encryption,
that is, those not depending on user authentication.

Change-Id: Iaf97e44ce63b467c7a714df8adccc9adf124e74d


# 2440abdb 21-Mar-2018 Aaron Green <aarongreen@google.com>

[paver] Add zxcrypt support

This CL adds a flag to FVM sparse containers. This flag
indicates to the disk paver that it should use a zxcrypt volume
on top of the FVM partition. The ability to set the flag in the
host FVM tool will be added in a later CL.

Change-Id: Ica8a416ca7244b1bf8e045ededb2bcfe845092f5


# dacd6af7 24-Apr-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Don't cache parent block information

This CL removes the copy of the block_info_t from the zxcrypt
device. Caching such information caused it to be invalid after FVM
resizes. This also caused the 'synthetic' block size to be removed,
which hasn't been needed since the Jan. refactor, and which broke
atomicity with lower layers.

ZX-1948 #comment Fixed

Change-Id: I8d2e9ab8eb965f7ead1796eb38d9dc0e6ee939f8


# d7781bda 23-Feb-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Prevent large request starvation

This CL tweaks how large I/O requests get deferred. Currently, when a
request is queued via BlockQueue, the code checks if there's enough
resources in the pool to immediately send the request to the device or
encrypter (for reads and writes, respectively). If not, it is added to
an internal queue which is checked when BlockRelease is called. If a
large request gets queued, it may get consistently preempted by smaller
requests that skip the queue.

The new approach always adds requests to the end of the queue if
it is non-empty. The chance of stalling remains low as
max_transfer_size is 1/4 of the overall pool size. Additionally, the
code has been refactored to only need to grab the lock once to add or
remove a request from the queue (instead of thrice previously).

Change-Id: I1d07de8ccfd90edf52b7337b56b7ef1596316aef


# 85c26aed 17-Apr-2018 Aaron Green <aarongreen@google.com>

[fs-management] Make wait_for_device recursive

This CL teaches wait_for_driver_bind to wait for parent devices if they
have not yet been bound, and renames it to wait_for_device. This
simplifies usage when multiple devices are expected to bind, e.g.
rebinding a ramdisk with a zxcrypt device in an FVM partition.

This CL does NOT simplify the call sites which have unsafe path
manipulations involving strcpy and strcat. These buffer overflows will
be addressed in following CLs (see SEC-70).

ZX-2016 #comment Allows moving zxcrypt_create out of disk-pave.cpp

Change-Id: I218ad02d8969ab51bd1dcd35efe864355ba1b151


# e0d70dec 16-Mar-2018 James Robinson <jamesr@google.com>

[zx] Move public zx headers to match naming convention

The zx library provides headers intended for general use, so the
include path should be spelled <lib/zx/foo.h> as per
https://fuchsia.googlesource.com/docs/+/master/development/languages/c-cpp/naming.md.
This moves the headers into the proper location and updates includes to
match.

Change-Id: I6fc9b2a491b5f8b0d270c4dfc77fa4be5739071b


# 226f4c5e 16-Mar-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Use wait_for_driver_bind in TestDevice

This CL replaces the block watcher from TestDevice with the more
standard one in ulib/fs-management. The most salient difference is the
lack of a timeout, but that's acceptable as these routines are not
expected to fail. It also adds error messages around the calls to bind
drivers to devices, so that the culprit may be more easily identified
in the case of test flake.

ZX-1825 #comment Expected to be fixed

Change-Id: I0caaa9bb752492ebba84a3def90eb46df86bcabc


# c40adafa 13-Feb-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Refactor TestDevice

This CL refactors TestDevice's lifecycle, especially with regards to its
block fifo lifecycle management.

I am fairly certain the root cause of the test flake was that the way I was
using |fdio_watch_directory| did not guarantee I wouldn't get the wrong
device when aggressively un/binding. That method calls a provided
callback whenever files are added, removed, etc. to a directory.
Watching a directory in the /dev tree is the only way to be notified of
new devices being added or removed right now. Notably, it immediately
invokes the callback with an 'add' event for each existing file.

Previously, since multiple devices could be added by binding a single
driver (i.e., the requested driver, auto-detected FVM drivers and a
mid-layer driver for each), the code watched the /dev/class/block
directory for an alias whose topological path ended in the right suffix.
This was racy since we might get an 'add' event for a device from a
previous test that hadn't quite unbound, and match the suffix.

The new approach recursively calls |fdio_watch_directory| for each
element in the topological path, thus guaranteeing we can only bind to
the new ramdisk created for each test.

ZX-1659 #comment Fixes the test flake

Change-Id: I3fbf571e5d81a528ecccb9067fe8742e1cf4a151


# 813145a3 12-Feb-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Rewrite TestDevice as unit test helpers

There's some outstanding flake in the zxcrypt unit tests, but current
output from failed tests isn't sufficiently useful in isolating it.
This CL attempts to improve the reporting of unexpected errors by
converting the methods of zxcrypt::testing::TestDevice to be unit test
helpers as defined in unittest.h.

ZX-1659

Change-Id: Ie23b323e559099ce4b2527ff07a87aee669f4449


# 128b37f1 19-Jan-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Add encrypted block device filter driver

This CL adds the actual driver and associated tests. The driver consists
of the Device itself, extra fields used to associate I/O requests with
pooled resources used to perform cryptographic transformations, and
threaded workers used to perform that work asynchronously.

Change-Id: Ib1ac05c6abda076359264b861946d23aba98d983


# ad68da1d 19-Jan-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Improve Volume support for Cipher, FVM

This CL modifies three areas of Volume:
1. It moves all metadata to the first two FVM slices and doesn't use
the last one.
2. It tweaks some tests and test conditions to accommodate changes in
ramdisks.
3. It refactors Bind to initialize one cipher at a time.

Change-Id: Iff7629473e93beb5fb38a3d97002cc799fc67da1


# 16e16ded 19-Jan-2018 Aaron Green <aarongreen@google.com>

[crypto][fdio][zxcrypt] Improve debug output

This CL improves fdio/debug's xprintf with location info.

Change-Id: Idd05c0439258ed3fe160086bcce05575eddbc38b


# 1aa56bb7 19-Jan-2018 Aaron Green <aarongreen@google.com>

[zxcrypt] Rename superblock to volume

zxcrypt::Superblock evolved beyond just an interface for a single block
of metadata into something more like a zxcrypt volume interface. This
CL renames the class to reflect that.

Change-Id: I8602a9531687df31e84f701e277f07238c519b6e


# aa3b7734 24-Jan-2018 Adam Barth <abarth@google.com>

[zx] Update callers to zx::time and zx::duration types

The zx_time_t and zx_duration_t variants will be removed eventually.

Change-Id: Icc54983edc154eee2d1258160f921c3afc212ae0


# 885d05a1 17-Oct-2017 Aaron Green <aarongreen@google.com>

[zxcrypt] Add Superblock class

This CL adds Superblock, which encapsulates how the cryptographic
metadata is stored and retrieved by zxcrypt. I/O performance is not as
critical a concern here, as the superblock is generally only involved in
'lifecycle' events of a zxcrypt device, that is formatting, binding,
rekeying, and shredding, and not individual data transfers.

Change-Id: I73cebf8d653cee9c00ce7a952bc75852361fec8b