Use volatile stores in bytes destructor

[rcombs]

Ensures that the zeroization can never be optimized out.

[bifurcation]

This is a little unfortunate in light of #425. But it's a good point that the std::fill call might get optimized away.

The only other real alternative that occurs to me is to make a Secret class within the hpke library, and use it for the appropriate things elsewhere. That would keep the OpenSSL dependency scoped to the hpke library, which would help w.r.t. #425. But it would be a bigger change to make sure the Secret class got used in exactly the right places and didn't introduce a bunch of unnecessary conversions / copying. So I'm OK doing this PR for now.

[rcombs]

There are also non-openssl routines that can be used for this (e.g. memset_explicit, memset_s, explicit_bzero, SecureZeroMemory…), or std::fill could be used with the pointers casted to volatile.

[rcombs]

Switched this over to std::fill with volatile pointers, which has the same property of being guaranteed not to be optimized out (since volatile stores cannot be eliminated per the as-if rule), without expanding the openssl dependency; this should also fix the build errors created by including the openssl header.

[bifurcation]

Thanks @rcombs that sounds like a nicer solution to me. Happy to merge once CI passes.