RUST-1881 Check integer conversions

[abr-egn]

RUST-1881

This vendors the Checked type from https://github.com/zeta12ti/Checked, minus the num_traits support, plus a few conveniences for our specific error type, and uses it to check both integer conversions and integer arithmetic for particularly sensitive values like buffer sizes. The guidelines I used for this:

• at function boundaries, sizes should be represented as usize
• within a function, sizes should be Checked<usize> starting at the earliest possible point (ideally, initialization from a constant or single value), and persisting as late as possible so that all arithmetic is also checked.
• deadlines (number of seconds/millis) can saturate in conversion
• where context doesn't provide an easy way to propagate a Result, unwrap is used on the grounds that a crash is better than silent bad behavior

I added a lint for risky as conversions to the toplevel lib.rs so future uses will get caught :)

(Once this goes in I will, of course, cherry-pick this into 2.8.x.)