Review indexing from intergers to make sure we don't allow unintentional overflows

[alerque]

There are a few other instances of this exact construct as well as a large number of as invocations on integer types that are not very safe or idiomatic. That doesn't necessarily mean it is even possible to trigger other issues like this one, but it does mean there could be a little more defensive coding here.

Originally posted by @alerque in #142 (comment)

I did a quick pass looking for other potential instances of similar overflows and see a few potential cases. I did not review the larger context to figure out whether the potential overflow is a reachable code path, only the local context of the integer handling.

Unfortunately in playing with "fixing" these it became obvious the cases are not all covered by existing test. For example one can delete this line of code entirely and the test suite still just passes:

rustybuzz/src/hb/ot_layout_gsubgpos.rs

Line 941 in 7386be4

delta += match_positions[idx] as isize - end as isize;

[behdad]

See #142 (comment)

[alerque]

Reopened #142 for tracking, all discussion is there.