Inconsistency in Uint128 api for overflow/underflow behaviour

[yihuang]

Add use default + operator under the hood, while Sub use checked_sub.
I think it would be better to keep is consistent with rust std's behaviour:

• default operator +/-, panic when wrapping.
• add methods for explicit checked_*/wrapping_*/saturating_* operations.

[webmaster128]

Thank you for bringing this up. Good point. I'll check with Ethan, who originally created the Underflow error case to find a way tht is consistent.

Panics in smart contracts are a bit problematic because they are very hard to debug. Your code is terminated but there is no error message or stack trace available.

[yihuang]

I think it maybe already causing overflow troubles in the example contracts like: https://github.com/CosmWasm/cosmwasm-plus/blob/master/contracts/cw20-base/src/contract.rs#L132

I guess adding the explicit methods like checked_*/wrapping_*/saturating_* is less controversial,
then we need to decide on the default behavior of the operators.