gfx-rs / wgpu

A cross-platform, safe, pure-Rust graphics API.
https://wgpu.rs
Apache License 2.0

[naga] The fuzzer should be able to create valid `naga::Module`s #6442

Open jimblandy opened 3 weeks ago

jimblandy commented 3 weeks ago

To improve our security, Naga needs a function that can create a Module that passes validation, driven by an arbitrary data stream, like that provided by cargo fuzz. This should be something like WebAssembly's wasm-smith:

Features

  • Always valid: All generated Wasm modules pass validation. wasm-smith gets past your wasm parser and validator, exercising the guts of your Wasm compiler, runtime, or tool.

  • Supports the full WebAssembly language: Doesn't have blind spots or unimplemented instructions.

  • Implements the [Arbitrary](https://docs.rs/arbitrary//arbitrary/trait.Arbitrary.html) trait: Easy to use with cargo fuzz and libfuzzer-sys!

  • Deterministic: Given the same input seed, always generates the same output Wasm module, so you can always reproduce test failures.

  • Plays nice with mutation-based fuzzers: Small changes to the input tend to produce small changes to the output Wasm module. Larger inputs tend to generate larger Wasm modules.
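As an added illustration (not naga, wgpu or wasm-smith code) of the "always valid" and "deterministic" properties listed above: a generator driven by a raw byte stream that only ever builds well-typed expressions, checked afterwards by an independent type checker standing in for naga's validator. The `Scalar`/`Expr` types are a toy stand-in for naga's IR, and `Unstructured` is a minimal stand-in for the `arbitrary` crate's reader so the example runs with the standard library alone.

```rust
// Toy stand-ins for naga's IR: scalars and a few typed expressions.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Scalar { F32, I32, Bool }

#[derive(Debug, Clone)]
pub enum Expr {
    Literal(Scalar),
    Add(Box<Expr>, Box<Expr>),  // numeric operands of one type, same type out
    Less(Box<Expr>, Box<Expr>), // numeric operands of one type, Bool out
}

// Stand-in for arbitrary::Unstructured: a cursor over fuzzer-provided bytes.
// Reading past the end yields 0, so exhausted input still terminates cleanly.
pub struct Unstructured<'a> { data: &'a [u8], pos: usize }
impl<'a> Unstructured<'a> {
    pub fn new(data: &'a [u8]) -> Self { Self { data, pos: 0 } }
    fn byte(&mut self) -> u8 {
        let b = self.data.get(self.pos).copied().unwrap_or(0);
        self.pos += 1;
        b
    }
}

/// Build an expression of exactly type `want`. Validity is guaranteed by
/// construction: operand types are chosen first, then sub-expressions of
/// those types are requested. `depth` bounds recursion.
pub fn arbitrary_expr(u: &mut Unstructured<'_>, want: Scalar, depth: u8) -> Expr {
    let numeric = |u: &mut Unstructured<'_>| if u.byte() & 1 == 0 { Scalar::F32 } else { Scalar::I32 };
    match (want, u.byte() % 3, depth) {
        (_, 0, _) | (_, _, 0) => Expr::Literal(want),
        (Scalar::Bool, _, d) => {
            let t = numeric(&mut *u); // both operands share one numeric type
            Expr::Less(Box::new(arbitrary_expr(u, t, d - 1)), Box::new(arbitrary_expr(u, t, d - 1)))
        }
        (t, _, d) => Expr::Add(Box::new(arbitrary_expr(u, t, d - 1)), Box::new(arbitrary_expr(u, t, d - 1))),
    }
}

/// Independent type checker playing the role of naga's validator.
pub fn validate(e: &Expr) -> Result<Scalar, String> {
    match e {
        Expr::Literal(t) => Ok(*t),
        Expr::Add(a, b) => match (validate(a)?, validate(b)?) {
            (x, y) if x == y && x != Scalar::Bool => Ok(x),
            (x, y) => Err(format!("Add on {:?} and {:?}", x, y)),
        },
        Expr::Less(a, b) => match (validate(a)?, validate(b)?) {
            (x, y) if x == y && x != Scalar::Bool => Ok(Scalar::Bool),
            (x, y) => Err(format!("Less on {:?} and {:?}", x, y)),
        },
    }
}
```

Running the generator over many byte streams and asserting that every output validates is exactly the check a real naga generator would be tested with before being wired into `cargo fuzz`.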

jimblandy commented 3 weeks ago

I hear that a lot of the complexity in wasm-smith arises from the tension between these requirements: