Implement memset_s() and use it instead of zero_bytes().

A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length.  This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.

include/sudo_plugin.h

@@ -47,6 +47,17 @@ struct sudo_conv_message {
     const char *msg;
 };
 
+/*
+ * Maximum length of a reply (not including the trailing NUL) when
+ * conversing with the user.  In practical terms, this is the longest
+ * password sudo will support.  This means that a buffer of size
+ * SUDO_CONV_REPL_MAX+1 is guaranteed to be able to hold any reply
+ * from the conversation function.  It is also useful as a max value
+ * for memset_s() when clearing passwords returned by the conversation
+ * function.
+ */
+#define SUDO_CONV_REPL_MAX	255
+
 struct sudo_conv_reply {
     char *reply;
 };