All of these casts to isize when offsetting are unsafe, since they could become negative numbers and cause us to write outside of the bounds of the array. We should either use to_isize.unwrap() and panic if that occurs, or use a conversion strategy that yields a value that will give us worse performance but correct behaviour.
At a quick readthrough, it looks like push, pop, truncate, remove, insert all suffer from the same issue if len > isize::MAX.
It looks like one might be able to manipulate that situation in a call to insert() when len == isize::MAX (then the len would get set to isize::MAX + 1).
It's currently impossible to create a SmallVec with a length greater than isize::MAX, because Vec::with_capacity will panic if the capacity overflows isize. I'm not sure if this is guaranteed to remain true in future versions of Rust, though. (It's not documented in the public libstd docs, though it is documented in the unstable liballoc documentation.)
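The cast behaviour discussed in this thread, as an added example that is not smallvec's code: a plain `as isize` cast of a value above `isize::MAX` comes out negative, while a checked conversion rejects it before any pointer arithmetic. The helper names (`wrapping_offset`, `checked_offset`, `insert_at`) and the 8-byte buffer are hypothetical, and `isize::try_from` from the standard library stands in for the `to_isize` conversion mentioned in the issue.

```rust
use std::convert::TryFrom;

/// What `len as isize` does: the bits are reinterpreted, so any value
/// above isize::MAX becomes a negative offset.
fn wrapping_offset(len: usize) -> isize {
    len as isize
}

/// Checked alternative: None when the value is not a valid forward offset.
fn checked_offset(len: usize) -> Option<isize> {
    isize::try_from(len).ok()
}

/// Hypothetical insert into a fixed buffer: bounds and offset are
/// verified before the raw pointer writes happen.
fn insert_at(
    buf: &mut [u8; 8],
    len: &mut usize,
    index: usize,
    value: u8,
) -> Result<(), &'static str> {
    if *len >= buf.len() {
        return Err("buffer full");
    }
    if index > *len {
        return Err("index out of bounds");
    }
    let off = checked_offset(index).ok_or("index exceeds isize::MAX")?;
    let tail = *len - index;
    unsafe {
        // In bounds: index <= *len < buf.len(), so p + 1 is at most one past the end.
        let p = buf.as_mut_ptr().offset(off);
        std::ptr::copy(p, p.offset(1), tail); // shift the tail right by one
        std::ptr::write(p, value);
    }
    *len += 1;
    Ok(())
}

fn main() {
    let big = isize::MAX as usize + 1; // constructed value just past the limit
    println!("as cast: {}", wrapping_offset(big));
    println!("checked: {:?}", checked_offset(big));
    let (mut buf, mut len) = ([0u8; 8], 0usize);
    insert_at(&mut buf, &mut len, 0, 1).unwrap();
    insert_at(&mut buf, &mut len, 0, 2).unwrap();
    println!("buf: {:?}, len: {}", &buf[..len], len);
}
```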
From #28: