Consider deferring parse error on sensibly placed unsafe keyword

[dtolnay]

In DSLs based on an attribute proc macro, it comes up that we want to require a syntactic safety claim on some item which would not normally allow an unsafe keyword in Rust syntax.

#[my_macro]
unsafe mod m {
    ...
}

#[my_macro]
unsafe extern "C" {
    ...
}

Currently these fail early with a parse error; you can reproduce by replacing my_macro with cfg(any()).

I would like to suggest allowing these to parse and deferring the error until after macro expansion, giving attribute macros a chance to strip unsafe from a mod or foreign mod and assign their own semantics for what it means. If unsafe remains on a mod or foreign mod after macro expansion we can keep that an error; I am not proposing attaching any new semantics to that.

We already do similar deferral of errors on "sensibly placed" keywords such as async on a trait method or pub inside an enum or on an impl:

#[cfg(any())]
trait Trait {
    async fn f();
}

#[cfg(any())]
enum E {
    pub X,
}

#[cfg(any())]
pub impl T {}

Mentioning @Centril who requested an issue to discuss this further.

[dtolnay]

Opened a PR with an implementation of this: #75857.