Use `catch_unwind()` to catch actor panics

[strohel]

We could unconditionally convert actor panics into actor system shutdown, or perhaps allow users to supply a callback that decides the fate.

[mbernat]

I think catch_unwind is the recommended way to handle subsystem panics, whether that's request handling in web servers or actors in an actor system.

One potential issue is that the subsystem's result type needs to be UnwindSafe, which is similar to Send / Sync thread safety. For portal this means that the Actor::Error type needs to be UnwindSafe and it seems all actors use anyhow::Error, which is indeed UnwindSafe 😌

I don't think it's optimal to make errors/panics trigger system shutdown (as opposed to just actor restart) but it seems reasonable to treat errors and panics the same for the time being.