Add safe_numel()

[lucylq]

Problem:

Currently, computing numel() may overflow, potentially causing heap overflows and other security risks. How can we fix this?

• do not want to abort on overflow; instead we should error out gracefully.
• however, compute_numel() is called directly inside ctors to populate the member variable 'numel'. We cannot error out in a ctor.

Solutions

1. Compute numel() on the fly instead of in the ctor.

• This means the member numel() function has to return a Result. We may not be able to do this because of aten and BC. Instead, add a safe_numel() and potentially mark the original numel() as deprecated.

2. Pass in precomputed numel()

• The blast radius is a bit large but manageable. Main issue is there are no guarantees that it matches the tensor metadata.