Make sure to be sound in the face of coinductive `unsafe trait` impls

[joshlf]

Rust currently has a soundness hole where coinductive unsafe trait impls are unsound, e.g.:

struct NotSend(Rc<()>);

unsafe impl Send for NotSend
where
    NotSend: Send
{}

Note that this only holds for auto traits. In particular, recursive impls for non-auto traits are considered unsatisfied:

error[E0275]: overflow evaluating the requirement `NotSend: Foo`
  --> src/lib.rs:11:5
   |
11 |     NotSend: Foo
   |     ^^^^^^^^^^^^
   |
   = help: see issue #48214

We need to figure out whether we're okay saying "we're unsound because Rust itself is unsound" or whether we want to try to forbid these somehow.

cc @lcnr

[lcnr]

To be more specific, either the unsafe impl is incorrect or the compiler is incorrect.

I am personally on the fence here, but think it's slightly more likely that our current coinduction support is wrong