chore(lib): start a strict clippy config

This starts a change to embrace a strict allowlist with Clippy.

## Why?

Clippy can detect a lot of mistakes. The defaults are very good. But it has the
power to detect many more _probable_ mistakes, and enforce coding patterns
beyond formatting. With the increase in LLM generated code, a stricter Clippy
can protect us from the LLM generating poorer code.

The pedantic and restriction groups are not enabled by default. There is even a
warning to not enable the restriction group blindly. But, even they have good
lints. The usual recommendation is to just turn on the lints you care about.

Instead, this embraces restricting everything by default, and keep an explicit
allowlist. The benefits for this are that we explicitly consider every possible
"bad code" lint. We decide if it's something to ignore. And we also don't
accidentally not notice a new lint. Every time Clippy upgrades, we may see some
new lints that could improve our code. That is excellent! When that happens, we
can decide whether to adjust the code, or allow the lint.

[More reading](https://billylevin.dev/posts/clippy-config/)

## How?

Restricting all these lints in one go would be a large amount of changes. Some
of them can be done automatically (`cargo clippy --fix`), some of them an LLM
can very easily do, and some require manual inspection in each place.

This starts by enabling all the groups, listing out every lint that was
triggered, and then allows them explicitly for now. I've split that list into
two separate smaller lists (described here in reverse order):

- Lints that are expliticly allowed.

- Lints that should be decided on, either by fixing the code, or removing the
  TODO and putting them in the explicitly allowed list (ideally explaining why).

Follow up commits can address those lints, and when doing so, update the list.
This will prevent rot from occurring by keeping the PR open for a long time, or
conflicts.

Author: seanmonstar

.github/workflows/CI.yml

@@ -17,6 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - style
+      - lint
       - test
       - msrv
       - miri
@@ -51,6 +52,22 @@ jobs:
             exit 1
           fi
 
+  lint:
+    name: Linter
+    #needs: [style]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - uses: Swatinem/rust-cache@v2
+
+      - name: Clippy
+        run: cargo clippy --all-targets --features full -- -D warnings
+
   test:
     name: Test ${{ matrix.rust }} on ${{ matrix.os }}
     needs: [style]

Cargo.toml

@@ -105,6 +105,77 @@ check-cfg = [
     'cfg(hyper_unstable_ffi)'
 ]
 
+[lints.clippy]
+pedantic = { level = "warn", priority = -1 }
+restriction = { level = "warn", priority = -2 }
+
+# keep an allow list of lints
+
+# lints to decide on
+arithmetic_side_effects = "allow"
+as_conversions = "allow"
+borrow_as_ptr = "allow"
+empty_structs_with_brackets = "allow"
+indexing_slicing = "allow"
+missing_errors_doc = "allow"
+missing_panics_doc = "allow"
+module_inception = "allow"
+multiple_unsafe_ops_per_block = "allow"
+panic = "allow"
+ptr_as_ptr = "allow"
+single_char_lifetime_names = "allow"
+undocumented_unsafe_blocks = "allow"
+
+# explicitly allowed
+absolute_paths = "allow" # sometimes its cleaner
+arbitrary_source_item_ordering = "allow" # order: std, deps, crate
+blanket_clippy_restriction_lints = "allow" # allowlist is better
+clone_on_ref_ptr = "allow" # Arc::clone(blah) is needlessly noisy
+cognitive_complexity = "allow" # is this ever useful?
+default_numeric_fallback = "allow" # too many false positives
+expect_used = "allow" # expect is self-documenting
+error_impl_error = "allow" # mod::Error is a fine name
+field_scoped_visibility_modifiers = "allow" # possibly good idea, noisy for now
+if_not_else = "allow" # order depends on which is more common, not truthiness
+if_then_some_else_none = "allow" # control flow as if better than closures
+implicit_return = "allow" # standard rust
+impl_trait_in_params = "allow" # turbofish ignored on purpose
+inline_modules = "allow" # common for sealed types
+inline_trait_bounds = "allow" # more concise if shorter bounds
+let_underscore_must_use = "allow" # the entire point was to ignore must_use
+let_underscore_untyped = "allow"
+mod_module_files = "allow" # easier to find than self-named modules
+min_ident_chars = "allow" # not to be abused, nor forced
+missing_assert_message = "allow" # not much value
+missing_docs_in_private_items = "allow" # these docs aren't rendered
+missing_inline_in_public_items = "allow" # bad lint
+missing_trait_methods = "allow"
+must_use_candidate = "allow" # bad lint
+module_name_repetitions = "allow" # sometimes it happens, not bad at all
+new_without_default = "allow" # not everything needs a Default impl
+panic_in_result_fn = "allow" # panics are for invariants
+pub_use = "allow"
+pub_with_shorthand = "allow"
+question_mark_used = "allow" # question mark is excellent
+unreachable = "allow" # self-documenting invariants
+ref_patterns = "allow" # TODO: perhaps deny?
+renamed_function_params = "allow" # we can pick clearer names
+same_name_method = "allow"
+shadow_unrelated = "allow" # shadowing is useful
+shadow_reuse = "allow" # shadowing is useful
+single_call_fn = "allow" # abstracting to a function is the point
+self_named_module_files = "deny" # already denied but, rly, dont do it
+semicolon_inside_block ="allow" # depends on context
+semicolon_outside_block ="allow" # depends on context
+std_instead_of_alloc = "allow" # std is more idiomatic
+std_instead_of_core = "allow" # std is more idiomatic
+struct_field_names = "allow" # not really helpful
+too_many_lines = "allow" # reconsider someday?
+type_complexity = "allow" # not helpful
+used_underscore_items = "allow"
+unused_trait_names = "allow" # TODO: kinda annoying, but might be good to deny
+unnecessary_safety_comment = "allow" # more safety comments are a good thing
+
 [package.metadata.docs.rs]
 features = ["ffi", "full", "tracing"]
 rustdoc-args = ["--cfg", "hyper_unstable_ffi", "--cfg", "hyper_unstable_tracing"]