Apply "default unsafe" annotation across webputils

Import bounds_safety.h across all of webputils, with one exception being
dsp.h, since it's imported by webputils.h in one place. Also prepend
WEBP_ASSUME_UNSAFE_INDEXABLE_ABI to every webputil file to indicate to
the compiler that every pointer should be treated as __unsafe_indexable.

We also need to replace memcpy/memset/memmove with the unsafe variants
WEBP_UNSAFE_*, as memcpy/memset/memmove require bounded/sized pointers.

With this change, all of libwebputils (and libwebp) should build with
-DWEBP_ENABLE_FBOUNDS_SAFETY=true

Change-Id: Iad87be0455182d534c074ef6dc1a30fa66b74b6c

src/utils/utils.h

@@ -21,8 +21,11 @@
 
 #include <assert.h>
 
+#include "src/utils/bounds_safety.h"
 #include "src/webp/types.h"
 
+WEBP_ASSUME_UNSAFE_INDEXABLE_ABI
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -69,7 +72,7 @@ WEBP_EXTERN void WebPSafeFree(void* const ptr);
 // memcpy() is the safe way of moving potentially unaligned 32b memory.
 static WEBP_INLINE uint32_t WebPMemToUint32(const uint8_t* const ptr) {
   uint32_t A;
-  memcpy(&A, ptr, sizeof(A));
+  WEBP_UNSAFE_MEMCPY(&A, ptr, sizeof(A));
   return A;
 }
 
@@ -78,7 +81,7 @@ static WEBP_INLINE int32_t WebPMemToInt32(const uint8_t* const ptr) {
 }
 
 static WEBP_INLINE void WebPUint32ToMem(uint8_t* const ptr, uint32_t val) {
-  memcpy(ptr, &val, sizeof(val));
+  WEBP_UNSAFE_MEMCPY(ptr, &val, sizeof(val));
 }
 
 static WEBP_INLINE void WebPInt32ToMem(uint8_t* const ptr, int val) {