Improve resilience against memory attacks
To reduce residual fragments of secret data in memory after deallocation, this patch replaces the global delete operator with a version that zeros out previously allocated memory. It makes use of the new C++14 sized deallocation, but provides an unsized fallback with platform-specific size deductions. This change is only a minor mitigation and cannot protect against buffer reallocations by the operating system or non-C++ libraries. Thus, we still cannot guarantee all memory to be wiped after free. As a further improvement, this patch uses libgcrypt and libsodium to write long-lived master key component hashes into a secure memory area and wipe it afterwards. The patch also fixes compiler flags not being set properly on macOS.
Committed by: Jonathan White
Parent: c7898fdeee
Commit: 13eb1c0bbd
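The technique the commit message describes, as an added example that is not KeePassXC's code: a replacement for the global `operator delete` that zeroes a block before freeing it, taking the size from C++14 sized deallocation when the compiler passes it and otherwise asking the allocator. The platform size-deduction calls (`malloc_usable_size` on glibc, `malloc_size` on macOS, `_msize` on Windows) are this example's assumption about what "platform-specific size deductions" means, `operator new` is replaced too so that the `malloc`/`free` pairing is explicit, and the `g_wiped_bytes` counter exists only so the effect can be observed without reading freed memory.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>

#if defined(__APPLE__)
#include <malloc/malloc.h>   // malloc_size
#elif defined(_WIN32)
#include <malloc.h>          // _msize
#else
#include <malloc.h>          // malloc_usable_size (glibc)
#endif

// Demo-only counter (not part of a real mitigation): bytes zeroed so far.
static std::size_t g_wiped_bytes = 0;
std::size_t wiped_bytes() { return g_wiped_bytes; }

// Ask the allocator how large a block is when the compiler did not tell us.
// These are the assumed platform-specific size deductions; each reports the
// usable size, which is >= the size originally requested.
static std::size_t usable_size(void* p) {
#if defined(__APPLE__)
    return malloc_size(p);
#elif defined(_WIN32)
    return _msize(p);
#else
    return malloc_usable_size(p);
#endif
}

// Zero n bytes through a volatile pointer so the optimizer cannot drop the
// stores as dead writes to memory that is about to be freed.
static void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) vp[i] = 0;
    g_wiped_bytes += n;
}

// Replacement allocation functions: plain malloc/free so the wiping delete
// below is guaranteed to see blocks it knows how to size.
void* operator new(std::size_t n) {
    if (n == 0) n = 1;
    if (void* p = std::malloc(n)) return p;
    throw std::bad_alloc();
}
void* operator new[](std::size_t n) { return operator new(n); }

// C++14 sized deallocation: the compiler hands us the allocation size.
void operator delete(void* p, std::size_t n) noexcept {
    if (!p) return;
    secure_wipe(p, n);
    std::free(p);
}
// Unsized fallback: deduce the size from the allocator instead.
void operator delete(void* p) noexcept {
    if (!p) return;
    secure_wipe(p, usable_size(p));
    std::free(p);
}
void operator delete[](void* p, std::size_t n) noexcept { operator delete(p, n); }
void operator delete[](void* p) noexcept { operator delete(p); }

// Allocate and free a stand-in for key material; returns how many bytes the
// replaced operator delete[] wiped for that one buffer (>= 64 on either path).
std::size_t demo_wiped_for_secret() {
    std::size_t before = wiped_bytes();
    char* secret = new char[64];
    std::memset(secret, 'K', 64);   // constructed stand-in for a key fragment
    delete[] secret;                // goes through the wiping operator delete[]
    return wiped_bytes() - before;
}

bool is_all_zero(const unsigned char* p, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) if (p[i] != 0) return false;
    return true;
}

// Shows the wipe primitive itself on a buffer we are still allowed to read.
bool demo_wipe_buffer() {
    unsigned char buf[16];
    std::memset(buf, 0xAA, sizeof buf);
    secure_wipe(buf, sizeof buf);
    return is_all_zero(buf, sizeof buf);
}

int main() {
    std::printf("wiped %zu bytes freeing a 64-byte secret\n", demo_wiped_for_secret());
    std::printf("stack buffer zeroed: %s\n", demo_wipe_buffer() ? "yes" : "no");
    return 0;
}
```

As the commit message itself warns, this only covers blocks released through the C++ delete expression: memory freed by C libraries, pages the allocator returns to the OS, and copies made by reallocation are untouched, which is why long-lived key material is better kept in a locked, self-wiping region such as libsodium's or libgcrypt's secure memory.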
@@ -38,6 +38,7 @@ target_link_libraries(keepassxc-cli
keepassx_core
Qt5::Core
${GCRYPT_LIBRARIES}
${sodium_LIBRARY_RELEASE}
${ARGON2_LIBRARIES}
${GPGERROR_LIBRARIES}
${ZLIB_LIBRARIES}
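Review bot: `${sodium_LIBRARY_RELEASE}` in the keepassxc-cli link list pins one build configuration, while every neighbouring entry (`${GCRYPT_LIBRARIES}`, `${ARGON2_LIBRARIES}`, `${GPGERROR_LIBRARIES}`, `${ZLIB_LIBRARIES}`) uses a configuration-independent `_LIBRARIES` variable; if the sodium find module also sets a generic variable or an imported target, link that instead so debug builds do not silently pick the release library, and otherwise add a comment explaining why the release variant is linked unconditionally. The hunk header (`-38,6 +38,7`) shows a single added line, but the rendering here has lost the `+` marker, so the reviewer cannot confirm from this view alone that the sodium entry is the new one.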