FailPoint objects are designed to be defined as nonlocal objects, and referred to in arbitrary code paths as e.g. `if (failpoint.shouldFail()) ...` to provide test injection and instrumentation. Calls to FailPoint::shouldFail must to be correct even before the failpoint initializer has run, or after the failpoint has been destroyed.

We can fix it by making FailPoint objects into trivial facade objects using std::aligned_storage that lazily initializes its state when member functions are called.

For performance paths that are known to be lifetime-safe, we can use an accessor to get at the unchecked state of the FailPoint, skipping the atomic initializer guard.