mcs: refactor refill_budget_check to ease verification

[michaelmcinerney]

This refactors refill_budget_check and schedule_used to ease verification by limiting heap access via refill_head and refill_tail, and providing (inlined) named functions for both the condition and bodies of the loops.