Functions which take untrusted user ranges must validate against the
bounds of the map, and also check for wraparound. Instead of having the
same logic duplicated in a number of places, add a function to check.
This somewhat duplicates the VM_MAP_RANGE_CHECK macro, which does not in
fact do any checking but rather clips the range based on the map bounds.
Some functions (like kern_mprotect()) rely on this, while others
(kern_madvise()) do not. As a future step I think we should add such
checking to all syscall paths, and convert VM_MAP_RANGE_CHECK to
assert the validity of the range.