More analyzer annotations
This gets us far enough to pass all the .c files without warning.
The .cpp files are another issue (partly because C++ is more complicated,
partly because they play a bit fast and lose with GC rooting).
However, once this is merged, we should be able to set up CI for
the .c files at least.
