Audit findings
Briefly, will add detail later:
- libhsm abstracts away the complexity of PKCS #11 and lets several modules be combined, but it also discards much of the useful semantics of PKCS #11, which is a real problem.
- return values should always be checked, no matter how mundane the call (a NULL from malloc, specifically)
- translation between UTF-8 and ASCII should be explicit, never implicit (PKCS #11 passes labels and PINs as CK_UTF8CHAR arrays, not as C strings)
- the NULL context led to problems and has been removed
- multi-stage operations tend to keep their state in the session object, and that state must be protected with locks
- programming assumptions should not be checked dynamically at run time but with a (debug-time) assertion; checks on external input are a different matter and stay at run time
- consistent use of braces, and somewhat more zeal with brackets, helps convey the meaning of code (sometimes a matter of taste)
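The following is an added example written for this page; it is not code from libhsm, OpenDNSSEC or any PKCS #11 module. It illustrates the findings on return values, session-held state under a lock, assertions versus run-time checks, and explicit UTF-8/ASCII handling in one place. The `struct session`, `op_init`/`op_update`/`op_final`, `label_to_ascii` and the `ERR_*` codes are all invented for the illustration, and a toy FNV-1a checksum stands in for a real digest.

```c
/* Added example, not libhsm or OpenDNSSEC code: a PKCS #11-style Init/Update/Final
 * operation with its state in the session object under a lock; names are invented. */
#include <assert.h>
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { OK = 0, ERR_HOST_MEMORY, ERR_OPERATION_NOT_INITIALIZED, ERR_OPERATION_ACTIVE, ERR_BAD_ARGUMENT };

/* Multi-stage state lives in the session, so every access to it holds s->lock. */
struct session {
    pthread_mutex_t lock;
    int op_active;      /* 1 between a successful Init and the matching Final */
    uint32_t running;   /* toy FNV-1a digest state standing in for a real hash */
};

int session_new(struct session **out)
{
    struct session *s = calloc(1, sizeof *s);   /* zeroed, so op_active starts at 0 */
    if (s == NULL || pthread_mutex_init(&s->lock, NULL) != 0) {
        free(s);                                /* free(NULL) is a no-op */
        return ERR_HOST_MEMORY;                 /* mundane, but always checked */
    }
    *out = s;
    return OK;
}

void session_free(struct session *s)
{
    if (s != NULL) {
        pthread_mutex_destroy(&s->lock);
        free(s);
    }
}

int op_init(struct session *s)
{
    int rv = OK;
    assert(s != NULL);                  /* programming assumption: assert, don't branch */
    pthread_mutex_lock(&s->lock);
    if (s->op_active) {
        rv = ERR_OPERATION_ACTIVE;      /* never silently clobber a live operation */
    } else {
        s->op_active = 1;
        s->running = 2166136261u;       /* FNV-1a 32-bit offset basis */
    }
    pthread_mutex_unlock(&s->lock);
    return rv;
}

int op_update(struct session *s, const unsigned char *data, size_t len)
{
    int rv = OK;
    assert(s != NULL);
    if (data == NULL && len != 0) {     /* external input: run-time check, not an assert */
        return ERR_BAD_ARGUMENT;
    }
    pthread_mutex_lock(&s->lock);
    if (!s->op_active) {
        rv = ERR_OPERATION_NOT_INITIALIZED;
    } else {
        for (size_t i = 0; i < len; i++) {
            s->running = (s->running ^ data[i]) * 16777619u;   /* FNV-1a 32-bit prime */
        }
    }
    pthread_mutex_unlock(&s->lock);
    return rv;
}

int op_final(struct session *s, uint32_t *out)
{
    int rv = OK;
    assert(s != NULL && out != NULL);
    pthread_mutex_lock(&s->lock);
    if (!s->op_active) {
        rv = ERR_OPERATION_NOT_INITIALIZED;
    } else {
        *out = s->running;
        s->op_active = 0;               /* Final always ends the operation */
    }
    pthread_mutex_unlock(&s->lock);
    return rv;
}

/* A CK_UTF8CHAR-style label is UTF-8 and not NUL-terminated: accept only printable
 * 7-bit ASCII and refuse the rest rather than silently reinterpreting the bytes. */
int label_to_ascii(const unsigned char *label, size_t len, char *out, size_t out_len)
{
    if (label == NULL || out == NULL || len >= out_len) {
        return ERR_BAD_ARGUMENT;
    }
    for (size_t i = 0; i < len; i++) {
        if (label[i] < 0x20 || label[i] > 0x7e) {   /* e.g. 0xC3 0xA9 (UTF-8 e-acute) is refused */
            return ERR_BAD_ARGUMENT;
        }
    }
    memcpy(out, label, len);
    out[len] = '\0';
    return OK;
}
```

Two design points worth noting: the lock is taken for the whole Update so that two threads sharing a session cannot interleave their chunks, and a second Init while an operation is active is refused rather than silently resetting state, which is the kind of PKCS #11 semantics a wrapper should preserve instead of hiding. Assertions guard only what a correct caller can never violate (a NULL session); anything that can arrive from outside (data pointers, label bytes) gets a real check that survives in release builds.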