Au::from_px can overflow.

[emilio]

While trying to run debug assertions in our automation (https://github.com/servo/servo/pull/13387#pullrequestreview-2450541), I discovered an integer overflow in an image dimension setter, caused by Au::from_px.

Should we check for overflow in that function and return None in that case? Or should we just use unchecked arithmetic in debug builds?

cc @pcwalton @mbrubeck

[emilio]

Alternatively, of course, we can keep the checks and add an Au::from_px_unchecked for sites where we know this can happen, but there's not too much we can do about it, and Au::from_px_checked for sites where we explicitly want to handle that.