Validate deterministic halt on OOM

[Stebalien]

When we hit the memory limit, we need to deterministically stop executing the current actor, returning to the parent actor. We'd like to avoid simply aborting the message entirely as this could cause problems for, e.g., cron.

This means that we need to consume a consistent amount of gas by the time we OOM. The wrinkle here is that, in theory, an optimization of the wasm bytecode (by the underlying JIT engine) could combine two memory expansion calls into a single memory expansion call, leading us to run out of memory early. For example, given:

1. Expand memory by one page.
2. Allocate some large buffer.
3. Expand memory by one page.
4. Allocate a second large buffer.

A reasonable compiler might optimize this to:

1. Expand memory by two pages.
2. Allocate some large buffer.
3. Allocate a second large buffer.

Ideally the compiler sees memory expansion as something that can't be re-ordered, but we need to validate that.

[Stebalien]

This is only P2 because we may not limit memory in M1.