The secure allocator should be more like a real allocator. I.e. it shouldn't require a mmap or virtual alloc call for every allocation.
We would need to retain the constraints that:
- Memory is zeroed after deallocate
- Memory is always locked in memory
- Always ask the os for full pages of memory
- hand out multiple allocations from the same page
- refcount the pages and unlocking and returning after all consumers were gone