strchr bounds-safe interface

[AnnaKornfeldSimpson]

The return value for strchr should have EDIT the same bounds as the input string in its bounds-safe interface. Right now the bounds-safe interface has an interface type but no specific bounds (string_checked.h). In practice programmers will likely then narrow the bounds.

[AnnaKornfeldSimpson]

Expressing the upper bound to be the "same as the argument" is hard. A partial step would be to declare bounds of (arg, return_value). However, my understanding is that return_value doesn't exist yet.