Fuzz bug: missing bounds checks in element segment instantiation

[tlively]

V8 very reasonably fails to instantiate this module:

(module
 (table $0 1 funcref)
 (elem $0 (offset (i32.sub (i32.const 0) (i32.const 1))))
)

But our interpreter does not perform the proper bounds checks, so it happily allows instantiation to succeed. Instead of adding the bounds checks, we should have the initialization logic call out to the interpretation of table.init, which is what the spec does.

[kripken]

Looks like we don't have TableInit implemented yet, so that would be the first step here.