Add explicit zeroize features

[ros-cr]

During a recent code audit on another project, I noticed that the argon2, balloon-hash and bcrypt-pbkdf crates implemented in this code repository do not explicitly declare their zeroize feature variants for memory sanitization behavior.
Fix this by adding explicit Cargo.toml [feature] entries for this zeroize flag.

By my current understanding, the relevant optional security hardening functionality which is gated by this feature flag can already be used by other crates today if they opt-in to its use in their [dependencies] reference, without requiring this patch because the relevant functionality gets picked up as an "implicit feature".

However, by not explicitly announcing this optional security feature, some consumers will either miss that it exists, or do not regard it as a reliable stable functionality (which this PR assumes it is). See also Rust RFC3491 which will remove this implicit feature behavior in the future.

Prior example of this change: see sha1-checked.

Thanks to @hko-s for helping to debug this.

I do not consider this a direct security issue (as covered by SECURITY.md), because the hardening effect of memory sanitization is optional anyway and not guaranteed in existing documentation.

[newpavlov]

We relied on implicit crate features because we previously had MSRV older than 1.60, but since we have bumped MSRV to 1.81 it's indeed worth to use explicit features everywhere.

[ros-cr]

That makes sense!
Thank you for the super-quick feedback and merge 👍

[ros-cr]

@newpavlov : with regards to "use explicit features everywhere", I expect that for example the handling of rayon and password-hash dependencies/features could probably be improved via the dep: syntax within this repository. That's out of scope for this PR goal, though, and just a quick hint if you're not already aware of it.

[ros-cr]

@newpavlov also note that the MSRV column in the README.md overview table appears to be outdated.