New ReadOnlySpan constructor for SecureString

[xtqqczze]

Background and Motivation

In PowerShell project we sometimes create a SecureString from a string, e.g. in SecureStringCommands, by using the following pattern:

SecureString ss = new SecureString();
foreach (char t in password)
    ss.AppendChar(t);

Unfortunately, it appears that every call to AppendChar results in an allocation, which I suppose we could avoid with the following unsafe code:

SecureString ss;
fixed (char* pChars = &password.GetPinnableReference())
    ss = new SecureString(pChars, password.Length);

However the constructor SecureString(char* value, int length) creates a ReadOnlySpan to initialize from, so why not expose a constructor that takes a ReadOnlySpan?

Proposed API

namespace System.Security
{
+    public SecureString(ReadOnlySpan<char> value) {
+        Initialize(value);
+    }

Usage Examples

Alternative Designs

Risks

[Dotnet-GitSync-Bot]

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

[stephentoub]

Thank you for the suggestion, but we aren't investing in SecureString and we don't want to increase its usage. In fact, we're moving in the opposite direction: dotnet/designs#147. The example you highlight is a good example of why: it's populating a SecureString from a string, which obviates any possible benefit of SecureString in the first place.
cc: @GrabYourPitchforks