Warn on access/modify of $SAFE, and remove effects of modifying $SAFE

This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.

internal.h

@@ -1570,9 +1570,8 @@ void rb_file_const(const char*, VALUE);
 int rb_file_load_ok(const char *);
 VALUE rb_file_expand_path_fast(VALUE, VALUE);
 VALUE rb_file_expand_path_internal(VALUE, VALUE, int, int, VALUE);
-VALUE rb_get_path_check_to_string(VALUE, int);
-VALUE rb_get_path_check_convert(VALUE, VALUE, int);
-VALUE rb_get_path_check(VALUE, int);
+VALUE rb_get_path_check_to_string(VALUE);
+VALUE rb_get_path_check_convert(VALUE);
 void Init_File(void);
 int ruby_is_fd_loadable(int fd);
 
@@ -1604,7 +1603,7 @@ void rb_gc_writebarrier_remember(VALUE obj);
 #else
 #define rb_gc_writebarrier_remember(obj) 0
 #endif
-void ruby_gc_set_params(int safe_level);
+void ruby_gc_set_params(void);
 void rb_copy_wb_protected_attribute(VALUE dest, VALUE obj);
 
 #if defined(HAVE_MALLOC_USABLE_SIZE) || defined(HAVE_MALLOC_SIZE) || defined(_WIN32)
@@ -1696,7 +1695,7 @@ void rb_io_fptr_finalize_internal(void *ptr);
 
 /* load.c */
 VALUE rb_get_expanded_load_path(void);
-int rb_require_internal(VALUE fname, int safe);
+int rb_require_internal(VALUE fname);
 NORETURN(void rb_load_fail(VALUE, const char*));
 
 /* loadpath.c */