Missing null checks and panic handlers in extern functions

[marco-vassena]

The FFI bindings in this library are missing null checks and panic handlers that would avoid undefined behavior. The documentation does warn users about conditions that will trigger undefined behavior, but the library could provide a safer interface by avoiding those sources of undefined behavior.

In particular, the bindings could:

1. Use is_null to check that pointers are not null before accessing them
2. Use catch_unwind to stop panics from unwinding across the FFI