Make printf safe

[Walter Bright]

I understand the desire to use modern write().

But there is a place for a lightweight way to do formatted writing.

1. If you're just linking with the stdc library, there is no write().

2. printf is probably the most debugged and optimized piece of code that has 
ever existed. Borland C recoded it in hand-optimized assembler, which was a 
brilliant move as its fast printf covered for a lot of weakness in its poor code 
generator

3. write() won't work until pretty much everything in the compiler works. With 
printf, I can get hello world to work needing only a minimally functional compiler

4. can't use Phobos in dmd's source code, because if a working Phobos was 
required, it becomes much much harder to bootstrap it

5. most any use of write() causes a rather large pile of template bloat to be 
inserted into the object file. This makes life difficult when trying to isolate 
a bug.

Currently, dmd's checking of the arguments against the format string has already 
eliminated a large chunk of the problems with printf. It enabled the removal of 
dozens of bugs in the dmd code base. A big win!

My proposal is pretty lightweight, the heavy lifting was already done with the 
argument checking. It enables @safe use of printf, and removes the temptation to 
rely on char* strings instead of char[] strings.