[bssl] Make hkdf return Zeroizing type

This cl modifies the output of hkdf to be of Zeroizing type,
ensuring that the key is zeroized when it is dropped.

Test: atest rialto_test & m pvmfw_bin
Bug: 279425980
Change-Id: I903c0b0129cd388b9831d87ddf6d29978350c252
diff --git a/libs/bssl/src/hkdf.rs b/libs/bssl/src/hkdf.rs
index 5dc6876..85bd1ff 100644
--- a/libs/bssl/src/hkdf.rs
+++ b/libs/bssl/src/hkdf.rs
@@ -18,6 +18,7 @@
 use crate::util::check_int_result;
 use bssl_avf_error::{ApiName, Result};
 use bssl_ffi::HKDF;
+use zeroize::Zeroizing;
 
 /// Computes HKDF (as specified by [RFC 5869]) of initial keying material `secret` with
 /// `salt` and `info` using the given `digester`.
@@ -28,8 +29,8 @@
     salt: &[u8],
     info: &[u8],
     digester: Digester,
-) -> Result<[u8; N]> {
-    let mut key = [0u8; N];
+) -> Result<Zeroizing<[u8; N]>> {
+    let mut key = Zeroizing::new([0u8; N]);
     // SAFETY: Only reads from/writes to the provided slices and the digester was non-null.
     let ret = unsafe {
         HKDF(