Revise language of warning about safe variadics

Let's adjust this language so that it talks about the guarantees that
the function must make, and so that it says what may lead to UB rather
than what "is" UB, as the latter implies immediate language UB, when
this is actually library UB.

Let's also add a `SAFETY` comment to the function in the example.

Author: traviscross

src/items/external-blocks.md

@@ -179,12 +179,14 @@ unsafe extern "C" {
     unsafe fn foo(...);
     unsafe fn bar(x: i32, ...);
     unsafe fn with_name(format: *const u8, args: ...);
+    // SAFETY: This function guarantees it will not access
+    // variadic arguments.
     safe fn ignores_variadic_arguments(x: i32, ...);
 }
 ```
 
 > [!WARNING]
-> `safe` should only be used in cases where the function does not look at the variadic arguments at all. Passing an unexpected number of arguments or arguments of an unexpected type to a variadic function is [undefined behavior][undefined].
+> The `safe` qualifier should not be used on a function in an `extern` block unless that function guarantees that it will not access the variadic arguments at all. Passing an unexpected number of arguments or arguments of unexpected type to a variadic function may lead to [undefined behavior][undefined].
 
 r[items.extern.attributes]
 ## Attributes on extern blocks