rust-cpython: make PyLeakedRef operations relatively safe This patch encapsulates the access to the leaked reference to make most leaked-ref operations safe. The only exception is leaked_ref.map(). I couldn't figure out how to allow arbitrary map operation safely over an unsafe static reference. See the docstring and inline comment for details. Now leak_immutable() can be safely implemented as the PyLeakedRef owns its inner data.

pager.pager=p0 # $TESTTMP/sysrc:4
ui.editor=e1 # $TESTTMP/userrc:2

pager.pager=p2 # $PAGER
ui.editor=e1 # $TESTTMP/userrc:2