remove several uses of unsafe (#8600)

This PR removes several uses of `unsafe`. I generally limited myself to
low hanging fruit that I could see. There are still a few remaining uses
of `unsafe` that looked a bit more difficult to remove (if possible at
all). But this gets rid of a good chunk of them.

I put each `unsafe` removal into its own commit with a justification for
why I did it. So I would encourage reviewing this PR commit-by-commit.
That way, we can legislate them independently. It's no problem to drop a
commit if we feel the `unsafe` should stay in that case.

crates/ruff_macros/src/newtype_index.rs

@@ -45,6 +45,9 @@ pub(super) fn generate_newtype_index(item: ItemStruct) -> syn::Result<proc_macro
                 // SAFETY:
                 // * The `value < u32::MAX` guarantees that the add doesn't overflow.
                 // * The `+ 1` guarantees that the index is not zero
+                //
+                // N.B. We have to use the unchecked variant here because we're
+                // in a const context and Option::unwrap isn't const yet.
                 #[allow(unsafe_code)]
                 Self(unsafe { std::num::NonZeroU32::new_unchecked((value as u32) + 1) })
             }
@@ -55,6 +58,9 @@ pub(super) fn generate_newtype_index(item: ItemStruct) -> syn::Result<proc_macro
                 // SAFETY:
                 // * The `value < u32::MAX` guarantees that the add doesn't overflow.
                 // * The `+ 1` guarantees that the index is larger than zero.
+                //
+                // N.B. We have to use the unchecked variant here because we're
+                // in a const context and Option::unwrap isn't const yet.
                 #[allow(unsafe_code)]
                 Self(unsafe { std::num::NonZeroU32::new_unchecked(value + 1) })
             }