Generating `Small Natural`s leads to arithmetic underflows

[isovector]

The following generator will crash when run:

bug :: Gen Natural
bug = fmap getSmall arbitrary

due to:

instance Integral a => Arbitrary (Small a) where
  arbitrary = fmap Small arbitrarySizedIntegral

arbitrarySizedIntegral :: Integral a => Gen a
arbitrarySizedIntegral =
  sized $ \n ->
  inBounds fromIntegral (chooseInt (-n, n))

inBounds :: Integral a => (Int -> a) -> Gen Int -> Gen a
inBounds fi g = fmap fi (g `suchThat` (\x -> toInteger x == toInteger (fi x)))

where inBounds doesn't catch the ArithException which arises from toInteger @Natural.