aries-cloudagent-python

Pass link secret as `raw_value` to anoncreds-rs

Open dbluhm opened this issue 2 years ago • 3 comments

Related issue on anoncreds-rs: https://github.com/hyperledger/anoncreds-rs/issues/202

The link secret is a sensitive value that should be carefully handled to reduce the chances of compromising it. Commonly, sensitive values like private keys are zeroed in memory after use. Previously, when using Indy CredX, the link secret was passed to and from the library using a raw buffer to prevent Python from copying the value all over the place. This enabled the caller to generate a link secret and insert it into the Askar store as a buffer and then to recall the value from the store later and pass it to Indy CredX using Askar's `Entry.raw_value`. The value can then be properly and effectively zeroized when appropriate.

At present, the anoncreds-rs library Python wrapper is not using the Buffer protocol to return and handle the link secret value. This requires the caller to handle the secret as a string, preventing clean up by the Rust layer (which isn't happening right now either, from what I understand).

dbluhm, Jul 31 '23 18:07
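The difference between a raw buffer and a string that the issue above describes, as an added Python example (not code from aries-cloudagent-python, anoncreds-rs or Askar). `SecretBuffer` and `demo` are hypothetical names and the sample secret is a constructed value.

```python
class SecretBuffer:
    """Hypothetical holder: keeps a secret in one mutable buffer and wipes it on exit."""

    def __init__(self, data: bytearray):
        if not isinstance(data, bytearray):
            raise TypeError("need a mutable bytearray; bytes and str cannot be wiped")
        self._buf = data  # take ownership of the caller's buffer, no copy is made

    def view(self) -> memoryview:
        # Zero-copy, read-only window onto the same memory. This is what a
        # binding that accepts the buffer protocol would be handed.
        return memoryview(self._buf).toreadonly()

    def zeroize(self) -> None:
        # Overwrite in place. Item assignment never reallocates, so it also
        # works while memoryviews of the buffer are still exported.
        for i in range(len(self._buf)):
            self._buf[i] = 0

    def __enter__(self) -> "SecretBuffer":
        return self

    def __exit__(self, *exc) -> None:
        self.zeroize()


def demo():
    # Constructed sample value. A real link secret would arrive from the
    # store or the library already inside a buffer, never as a literal.
    sample = bytearray(b"constructed-sample-link-secret!!")
    with SecretBuffer(sample) as secret:
        view = secret.view()           # shares memory with the buffer
        as_str = bytes(view).decode()  # what a str-only API forces: an immutable copy
    # The buffer was wiped on exit: the view now reads zeros, while the str
    # copy still holds the secret and cannot be overwritten from Python.
    return bytes(view), as_str


if __name__ == "__main__":
    wiped, leaked = demo()
    print("buffer after wipe:", wiped.hex())
    print("string copy still readable:", leaked)
```

Wiping the buffer only clears that one allocation; any `str` or `bytes` copy made along the way stays in memory until the interpreter frees and reuses it.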

@andrewwhitehead — can you please weigh in on this issue, and the related Askar issue. What is the right thing to be done here, and could you please “make it so”? Thanks!

swcurran, Aug 08 '23 13:08

I think it depends how 'secret' we consider it to be. Personally, I don't think it's that critical and a string might be just fine. An attacker would have to obtain the raw credentials from the user's wallet, and if they can do that then they can likely obtain the link secret as well. That said, it probably wouldn't be hard to switch back to the old implementation.

andrewwhitehead, Aug 11 '23 17:08

So we can close this and count it done?

If we switch back to the old implementation, what is the impact on the other wrappers, and uses of those wrappers? E.g. on the JS wrapper and on AFJ?

swcurran, Aug 11 '23 20:08