add env var to override sys::Instant::actually_monotonic() for windows and unix

[the8472]

The environment variable is read on first use and cached in an atomic.

Various operating systems promise monotonic clocks and so does hardware and various hypervisors, often with explicit flags such as constant_tsc. And if that flag is absent they already force the timers to be monotonic through atomic operations (just as the standard library does). And this tends to work on most systems.

But there's the occasional broken hardware or hypervisor that makes this promise but then doesn't deliver. That's why the standard library doesn't rely on the API guarantees in some cases (e.g. windows). And in other cases (e.g. x86 linux) it does trust the OS guarantee and then this gets broken because rust trusts the os which trusts the hypervisor which trusts the hardware which is broken.

The result is that either we err on the side of caution and introduce cache contention in an operation that should be very fast and perfectly scalable even on systems that have reliable clocks or we trust too much and our guarantees get violated on some fraction of systems.

With the environment variable we can offer a way out. We can make a default decision for a particular platform depending on how common broken hardware is and then give users that encounter the opposite case a way out.

Questions:

• this, where available use AtomicU{64,128} instead of mutex for Instant backsliding protection #83093 or both?