Don't panic in `datastore_index_scan_range_bsatn` on invalid ranges

[gefjon]

A user report suggests that datastore_index_scan_range_bsatn will panic the host when passed a range where the end is greater than the start. std::collections::BTreeMap::range says it does this, so I guess we can't be too surprised, but it does seem like a silly and undesirable behavior.

We should decide whether a scan on a range x..y where x > y:

1. does not error, and immediately returns zero values.
   • This may (probably should) inject a warning into the module's logs.
2. is equivalent to a scan on (Exclusive(y), Inclusive(x)) (like y..x, but respecting the inclusiveness of the bounds when swapping them).
3. returns an error which causes the module code to panic, but does not panic the host.
   • This replicates the Rust stdlib's behavior.

Then implement that behavior, and add a test somewhere which attempts such a scan without panicking.

[Centril]

I agree that the standard library is silly and does the wrong thing. Instead, it should have returned the empty set, as suggested in 1.
This is consistent with e.g., 0 == (1..0).count() which is true.