Merge branch 'utf8 fixes' into blead

This branch reimplements the forbidding of code points above IV_MAX in
such a way that encountering UTF-8 evaluating to such doesn't kill the
receiving process, but is treated as an ordinary overflow.  To do
otherwise can lead to Denial of Service attacks.

It fixes several bugs that occur only on UTF-8 that is malformed or for
very large code points.

And it cleans up and revamps the testing of the XS API for UTF-8 so that
more coverage is done, but in a fraction of the previous time needed.