roaring-rs
Potential overflow when decoding in `RoaringBitmap::deserialize_from_impl()`
What is the issue
There is an overflow in `deserialize_from_impl()` that can be reached if `s + len` overflows a `u16`.
The overflow is reachable because both `s` and `len` are decoded from user input.
Note that in release mode this will wrap on overflow and not cause a panic. However, a panic would occur in debug mode.
What is the solution
Use checked math and propagate the error.
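
A sketch of the checked-math approach described above, as an added example and not the roaring-rs code or its actual patch. The function names `read_u16`, `decode_runs` and `wrapped_end`, and the layout of little-endian `u16` `(s, len)` pairs, are assumptions made for illustration.

```rust
use std::io::{self, Read};

/// Hypothetical helper: read one little-endian u16 from the input.
fn read_u16<R: Read>(r: &mut R) -> io::Result<u16> {
    let mut buf = [0u8; 2];
    r.read_exact(&mut buf)?;
    Ok(u16::from_le_bytes(buf))
}

/// Decode `n_runs` (s, len) pairs into inclusive (start, end) ranges.
/// Both fields come from untrusted input, so `s + len` uses checked math
/// and an overflow is reported as InvalidData instead of wrapping or panicking.
fn decode_runs<R: Read>(mut r: R, n_runs: usize) -> io::Result<Vec<(u16, u16)>> {
    // Cap the pre-allocation so a hostile count cannot force a huge reserve.
    let mut runs = Vec::with_capacity(n_runs.min(1024));
    for _ in 0..n_runs {
        let s = read_u16(&mut r)?;
        let len = read_u16(&mut r)?;
        let end = s.checked_add(len).ok_or_else(|| {
            io::Error::new(io::ErrorKind::InvalidData, "run end overflows u16")
        })?;
        runs.push((s, end));
    }
    Ok(runs)
}

/// What an unchecked `s + len` produces in a release build: a wrapped end value.
fn wrapped_end(s: u16, len: u16) -> u16 {
    s.wrapping_add(len)
}

fn main() {
    // Constructed input: a valid run (10, 5), then an overflowing run (0xFFFF, 2).
    let bytes: [u8; 8] = [10, 0, 5, 0, 0xFF, 0xFF, 2, 0];
    println!("{:?}", decode_runs(&bytes[..4], 1));
    println!("{:?}", decode_runs(&bytes[..], 2).map_err(|e| e.kind()));
    println!("wrapped end = {}", wrapped_end(0xFFFF, 2));
}
```

With the wrapped value the decoded run would end before it starts, which is why the error is returned to the caller rather than letting the container be built.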