[Breaking] Enforce checked arithmetic in matching/statistics core

[j-b-layerv]

Description

Enforce checked arithmetic in matching/statistics/snapshot core paths and remove saturating_* from financial logic.

Depends on

• [Breaking] Introduce Price/Quantity/TimestampMs domain newtypes #10

Problem

Current use of saturating_* and unchecked arithmetic can silently hide overflow/underflow in financial calculations.

Scope

• Replace saturating/raw arithmetic with checked variants.
• Define explicit error behavior for arithmetic failures.
• Add tests for overflow/underflow paths.

Tasks

• Audit and replace arithmetic in:
  • src/execution/match_result.rs
  • src/price_level/statistics.rs
  • src/price_level/snapshot.rs
  • src/price_level/level.rs
• Introduce helper functions/traits for checked operations if needed.
• Ensure division behavior is explicit and documented.
• Add unit tests for edge/overflow conditions.

Technical Details

Representative current patterns to eliminate:

• saturating_sub, saturating_add, saturating_mul in production paths.
• implicit multiplication/addition on financial values without checked handling.

Breaking Changes

• Some operations that previously clamped may now return errors.
• Public method signatures may become fallible (Result) where necessary.

Acceptance Criteria

• No saturating_* in production financial core logic.
• Checked arithmetic + explicit error propagation in audited modules.
• Error cases covered by tests.
• Full CI checks pass.

Out of Scope

• Naming refactors already covered by [Breaking] Rename execution domain: Transaction -> Trade #8/[Breaking] Add TradeId and remove raw Uuid from execution API #9.

[joaquinbejar]

Recreated as #20 (#20) using the correct author account (joaquinbejar). Closing this issue to avoid duplicate tracking.