Native libraries are not zipsafe (see https://docs.python.org/2/library/zipimport.html "only files .py and .py[co] are available for import. ZIP import of dynamic modules (.pyd, .so) is disallowed"). This change introduces the zip_safe flag on all python targets that can potentially be not-zip-safe, and marks cxx_python_extension as definitely-not zip safe.
I made it a tristate in PythonPackageComponents mostly to keep the default from being hardcoded in every python rule.