When mixing SLUL and C/"unsafe" code, there is of course a possibliity
of ending up with disallowed data structeres, disallowed sharing, etc.

This can also (and is most likely to) happen in SLUL's own runtime code
(or in 3rd party modules that extend it). That could be REALLY bad because
the ecosystem could end up with a module that does unsound things, but where
changing the behavior would break compatibility, or even break interfaces
(which is disallowed in SLUL). That would result in a module that can only
be deleted, and code that uses it must be refactored to use something else.

So it would be really good to have something that tracks all objects in SLUL,
and checks for all possible safety violations, i.e. doing a 100% safety check.
For performance reasons this might not be feasible to check on every return
from a native function, but:

- it could be done at perhaps 1% of them.
- it could be done on all returned values (or passed values in callbacks).
- it could be done on every de-allocation (of objects or whole arenas).

There are also some ways to enforce some specific parts of soundness
in some specific cases. Here's some methods:

- CHERI
- changing memory protection attributes on call/return to/from native code.
  (and perhaps allocating objects to take this into account, perhaps
   putting objects into random pages, to make errors happen eventually
   after enough runs).
- obfuscating objects when they shouldn't be in use.
- keeping objects in obfuscated state, and only de-obfuscating them 
  when calling native code.