fix issues mentioned in audit

Morgan Adamiec requested to merge morganamilo/audit into master

This PR addresses most things brought up in the audit.

It's a quick first pass and needs some double checking in places to make sure it does fix the issues without introducing new ones. Extra eyes are useful here, so I'm opening this PR now and will do a second pass in not too long.

There are two big things this PR doesn't address, as they need a lot more work / thought.

Firstly, this PR doesn't address changing alpm's return codes to their own type, as that's a large change that deserves its own PR.

Secondly, this PR doesn't address any of the instances of unchecked allocation failure. The audit pointed out a few of these, but in reality it's all over the code base, and fixing this would require touching almost every function and changing a lot of the API which currently have no way to express failure, which would then need to bubble up through every function that calls them.