
Rust crate returns arbitrary numeric error codes instead of `Result` instances in some cases

Open rcoder opened this issue 2 years ago • 0 comments

There are places in the current Rust bindings where the FFI glue wraps underlying C++ function calls in unsafe blocks, then casts the response to an expected type, ignoring potential error codes from the original API.

Example: https://github.com/zerotier/libzt/blob/8d21a265cc23dd6e6e4d2c2ad068e978f110f8e3/pkg/crate/libzt/src/socket.rs#L223

This example neither checks the global errno value, nor that the return value of the underlying C++ method is negative, which means that calls that error simply return the result of a (bogus) i32 -> usize cast.

We should audit this interface and look for cases where we're potentially doing unchecked casts, minimize use of unsafe, and (eventually) separate the low-level FFI into a dedicated libzt-sys crate with a safe, hardened Rust interface in this library.

rcoder, Jun 06 '23 18:06
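The cast the issue describes, shown side by side with a `Result`-returning wrapper. This is an added illustration, not code from libzt or from the issue author: `mock_recv` is a constructed stand-in for the C++ function behind the binding (it returns a byte count or a negative code, as the issue says the real API does), and `ZtError`, `recv_unchecked`, `recv_checked` and `read_message` are hypothetical names. It demonstrates only the return-value check; the `errno` check the issue also asks for would sit in the same branch.

```rust
use std::os::raw::{c_int, c_void};

// Constructed mock of the C++ call the bindings wrap (hypothetical, not libzt's API).
// Copies a fixed payload into `buf` and returns the byte count, or a negative
// error code when `fd` is invalid, mirroring the convention the issue describes.
unsafe extern "C" fn mock_recv(fd: c_int, buf: *mut c_void, len: usize) -> c_int {
    const PAYLOAD: &[u8] = b"hello";
    if fd < 0 {
        return -9; // constructed error code, EBADF-like
    }
    let n = PAYLOAD.len().min(len);
    unsafe { std::ptr::copy_nonoverlapping(PAYLOAD.as_ptr(), buf as *mut u8, n) };
    n as c_int
}

/// The "before" pattern from the issue: the return value is cast to usize with
/// no sign check, so an error code becomes an enormous, bogus length.
pub fn recv_unchecked(fd: c_int, buf: &mut [u8]) -> usize {
    let rc = unsafe { mock_recv(fd, buf.as_mut_ptr() as *mut c_void, buf.len()) };
    rc as usize // -9 becomes 18446744073709551607 on a 64-bit target
}

/// Hypothetical error type carrying the raw code from the C++ layer.
#[derive(Debug, PartialEq, Eq)]
pub struct ZtError(pub i32);

/// Hardened wrapper: `unsafe` is confined to the FFI call itself, the code is
/// inspected before any conversion, and the conversion is a checked `try_from`
/// rather than an `as` cast.
pub fn recv_checked(fd: c_int, buf: &mut [u8]) -> Result<usize, ZtError> {
    let rc = unsafe { mock_recv(fd, buf.as_mut_ptr() as *mut c_void, buf.len()) };
    if rc < 0 {
        return Err(ZtError(rc));
    }
    // A non-negative c_int always fits in usize on supported targets; keep the
    // conversion explicit so a future type change cannot silently reintroduce a cast.
    Ok(usize::try_from(rc).expect("non-negative c_int fits in usize"))
}

/// A caller that slices by the returned length. With `recv_unchecked` the bogus
/// length would panic on `buf[..n]`; with `recv_checked` the error propagates.
pub fn read_message(fd: c_int) -> Result<String, ZtError> {
    let mut buf = [0u8; 16];
    let n = recv_checked(fd, &mut buf)?;
    Ok(String::from_utf8_lossy(&buf[..n]).into_owned())
}

fn main() {
    let mut buf = [0u8; 16];
    println!("unchecked, bad fd: {}", recv_unchecked(-1, &mut buf));
    println!("checked, bad fd:   {:?}", recv_checked(-1, &mut buf));
    println!("checked, good fd:  {:?}", read_message(3));
}
```

The safe API surface here is the shape the issue asks for: the raw `extern "C"` declaration is what would move into a `libzt-sys` crate, and `recv_checked`/`read_message` are what the safe crate would expose.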