Fix UAF in `best::vec::splice()`

[mcy]

There were three separate bugs I tripped over:

1. When splicing a range in, we were assigning to the newly allocated but uninitialized objects, which is essentially a UAF.
2. When appending a vector to itself, the size used would be the one overwritten by insert_uninit. Self-splicing now works in all cases.
3. vec::assign() with an inlined vector could leak memory.

I've added a test for these cases.