Add Send + Sync to ArcWake trait to fix unsoundness

[seanmonstar]

Neither Arc::new nor Arc<T> itself requires Send + Sync, but the into_waker method assumes them when converting into a Waker. So without this change, it's possible to trigger UB with something like Arc::new(Boom(some_rc)).into_waker().

[Nemo157]

I guess Send is required because of Arc::try_unwrap?

(Just to check I threw together a playground with a full demonstration of the unsoundness, including cloning/dropping an Rc on multiple threads).

[seanmonstar]

With an Rc, you could make some clones before putting in the Arc, and even making some clones on the other thread, making unsynchronized ref count changes.

Similar with RefCell and it's borrow count. Etcetera.

[Shnatsel]

Unsynchronized reference count changes could potentially lead to exploitable memory corruption. Please file a security advisory at https://github.com/RustSec/advisory-db so that dependents of this crate could check if they're affected and upgrade.

[Nemo157]

As far as I’m aware the unsoundness was only present in alpha releases of a preview crate, that should be sufficient “not production quality code” to not require a security advisory.