Idea: Make `Encode` sufficient for safety

[madsmtm]

Currently, when accessing instance variables or calling methods the user must verify that the types actually match what Objective-C expects; this is cumbersome, although it can be somewhat alleviated using the "verify_message" feature.

But what if we were to enable "verify_message" always (or at least with debug_assertions)? Could we change Encode somehow to allow msg_send! to become much safer? Or maybe it would be possible to add a safe variant (msg_send! vs. msg_send_unchecked!) that allows a subset of functionality?

An example: Disallow Encode on types like NonNull<T> and &T because their validity cannot be verified using Objective-C encodings (because Rust has a more expressive type-system than C). Or at least disallow them on the return type.

[madsmtm]

Note that we can never make msg_send! completely safe, since any Objective-C method could have invariants that must be upheld, that are not specified in the type system; this is the same reason why extern "C" { fn myfn(); } methods are unsafe to call.

[madsmtm]

Enabling verify_message when debug_assertions is set is a good idea, I'll probably do that at some point.

Maybe it would make sense to have a EncodeReturn trait for (), though I probably won't do that since I want to keep the amount of traits the user has to think about down, and that's a lot of work to prevent accidentally using () as an argument type (this reasoning is documented in #138).

The rest is not feasible.