Safe AVX YCbCr

[Shnatsel]

Since Rust 1.86 functions with #[target_feature=...] annotations don't need to be unsafe themselves, and the same goes for intrinsics that don't operate on raw pointers. They are still unsafe to call from functions not annotated with a matching #[target_feature=...].

This PR does 4 things:

1. Turns all functions that had to be unsafe fn because of AVX into regular fn (needs Rust 1.86+ released in April 2025)
2. Converts all raw pointer accesses to safe, checked indexing
3. Uses Vec::extend_from_slice in place of manual bookkeeping, unsafe set_len() and handwritten copy loops
4. Wraps the single remaining unsafe into a safe function that checks all necessary preconditions

Performance is the same or slightly better than before according to cargo bench on my Zen4 machine.

I have added a test to verify correctness of the AVX2 implementation against the scalar one, and the results are bit-identical. I have also manually tested this for correctness using the integration into image: image-rs/image#2636

This is best reviewed commit by commit; the combined diff can be difficult to follow.

[Shnatsel]

For context, this is part of the work to migrate image to using this crate as its JPEG encoder implementation. If this approach is OK with you I'd like to make the rest of the AVX code safe in the same fashion.

[vstroebel]

Haven't made much benchmarks on my own, but this seems to work quite well.
I've created #26 to keep the MSVR and version bump into its own PR.

[vstroebel]

No relevant regressions on Zen3, Zen1 and Haswell.
Cannot merge because of conflicts, yet.

[Shnatsel]

I've resolved the conflicts. CI passed. This should now be ready to go.