Some Nix wrappers are not signal-safe

[SteveLauC]

trafficstars

For those syscalls that are signal-safe, their Nix wrappers may not be.

For example, stat(2) is signal-safe, its Nix wrapper uses the NixPath trait, which will allocate if the passed argument has a length greater than MAX_STACK_ALLOCATION, and allocation is not signal-safe, making the wrapper signal-unsafe.

I kinda think we should take a look at those functions that are asked to be signal-safe by the standard, and check if the corresponding Nix wrappers are safe or not, if not, then we should document it so that our users can be aware.