Clarify contract/semantics of "Release" and other work buckets

[k-sareen]

Currently the semantics/contract for certain work buckets, such as "Release" are unclear (see discussion in #714). We should clarify the semantics of all the work buckets in documentation. Semantics can include unsafety, can other work packets execute concurrently along side, etc.

[qinsoon]

To be specific, Prepare and Release will get a mutable reference to Plan with unsafe code. To avoid race condition, we need to make sure one of these conditions is true:

1. there is no no other work packet in those work bucket that is executing in parallel with Prepare or Release,
2. other work packets that run in parallel with Prepare/Release should not access Plan,
3. other work packets that run in parallel with Prepare/Release do not have race conditions with Plan.prepare/release.

[k-sareen]

Seems like semantics of the Release work bucket are reclamation which aligns with how it is currently, however we may further need to discuss if work packets should be allowed to execute alongside the Release work packet as the Release work packet unsafely accesses the Plan.

[qinsoon]

@wks also raised an issue in #724 (comment). We may have more and more work packets that run in parallel with Plan::release. It will be more difficult to argue the correctness of the unsafe mutable &mut Plan in the release phase. Maybe we should just remove the unsafe mutable reference for Plan::prepare/release, and use a safer implementation.

[k-sareen]

I think it may be convenient and safe to do Plan::release in the EndOfGc work packet. At which point we should rename the Plan::release function to something else.

[qinsoon]

I think it may be convenient and safe to do Plan::release in the EndOfGc work packet. At which point we should rename the Plan::release function to something else.

There is some code in Plan::release which should really be in EndOfGC. We can move them, like #714. But moving the entire Plan::release to EndofGC does not seem to help.