a basis for discussion of whether/which features should move where to enable no-unsafe or minimize unsafe in certain chip crates.

This would be very helpful. This PR only changes boards in two ways:

1. Provide a second static buffer to create the default chip peripherals. Boards were already providing one. So adding two follows an existing pattern.
2. Requires that creating pins needs passing in the registers. This avoids the pin constructor using unsafe to define its own registers. It's entirely possible this could be refactored somehow.

Questions for designs:

1. Where should StaticRef::new() be called?
2. Should we remove static mut buffers from chips? If so, where does the buffer come from?
3. Should chips define components that boards can use to create the default peripherals?
4. How badly do we actually want to remove unsafe from chips? The way the nrf5x gpio implementation hacks the MMIO address based on the pin number is pretty cute.

Moreover, merging a design pattern change like this whole cloth for just one chip, rather than more targeted parts of the design pattern across all chips, seems worse to me. It means chip-developers are going to end up with conflicting sources for what responsibilities each component should have.

Changing all chips is hard. And harder to test. I would advocate for converting the nrf5 stack into the beacon example, writing docs around that example, and then telling people that is the example.

As a sidenote, I'm glad to see the Nrf5x aes implementation updated to use a TakeCell. The existing implementation is unsound with regards to DMA.

As a sidenote, I'm glad to see the Nrf5x aes implementation updated to use a TakeCell. The existing implementation is unsound with regards to DMA.

Unfortunately I'm pretty sure it still is, but hopefully this is easier to fix whenever DmaCell is created.