
lib/utils: define kr_require(), kr_assume() macros

Tomas Krizek requested to merge improve-assertions into master

These macros should replace the use of assert() in our entire codebase. assert() has the following issues:

  • can be turned off at compilation time
  • they don't have consistent meaning in our code

kr_require() behaves similarly to assert - it checks a condition and aborts if it fails. Unlike asserts, these aren't turned off by using -DNDEBUG. kr_require() should be used for non-recoverable errors.

kr_assume() is a way to check for non-fatal errors which supports error reporting, debugging and recovery. The function returns a boolean value which the caller must use for error handling. An error log message is produced when the condition fails. Optionally, when kr_debug_assumption is set to true, the process will use fork() and the child will abort(). This generates a coredump for debugging purposes, while allowing the parent process to keep running and recover from the non-fatal error. This can be useful for debugging hard-to-reproduce errors in production environments.

Fixes #495 (closed)


  • go through all our code and replace assert()
  • allow flipping kr_debug_assumption in config (+docs, etc.)
  • check if there is any performance impact compared to -DNDEBUG
  • add some rate-limiting of the number of aborts?
  • add a CI check that won't allow assert() in our code to guard against unintentionally using it (simple subtree grep could do the trick)
Edited by Vladimír Čunát
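As an added example that is not part of this merge request or of Knot Resolver's code, the sketch below implements the semantics the description gives: kr_require() aborts unconditionally, kr_assume() logs, optionally forks so the child dumps core, and hands the boolean back to the caller. The macro bodies, the helper kr_assume_fail_() and process_length() are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed illustration of the MR's semantics, not the project's code. */

/* When true, a failed kr_assume() forks and the child aborts to leave a coredump. */
static bool kr_debug_assumption = false;

/* Helper behind kr_assume(): log, optionally fork-and-abort, report failure. */
static bool kr_assume_fail_(const char *expr, const char *file, int line)
{
    fprintf(stderr, "assumption failed: %s at %s:%d\n", expr, file, line);
    if (kr_debug_assumption) {
        pid_t pid = fork();
        if (pid == 0)
            abort();                    /* child dumps core with the parent's state */
        if (pid > 0) {
            int status;
            waitpid(pid, &status, 0);   /* reap the child; parent keeps running */
        }
    }
    return false;                       /* caller must handle the error */
}

/* Non-recoverable invariant: never compiled out, always aborts on failure. */
#define kr_require(cond) do { if (!(cond)) { \
        fprintf(stderr, "requirement failed: %s at %s:%d\n", #cond, __FILE__, __LINE__); \
        abort(); } } while (0)

/* Recoverable assumption: evaluates to the condition so the caller can branch on it. */
#define kr_assume(cond) ((cond) ? true : kr_assume_fail_(#cond, __FILE__, __LINE__))

/* Hypothetical user: a negative length is a caller bug we recover from,
 * a length above the protocol maximum is treated as a hard invariant. */
int process_length(int len)
{
    if (!kr_assume(len >= 0))
        return -1;                      /* log (and optionally coredump), then recover */
    kr_require(len <= 65535);
    return len;
}

/* Runs process_length() with coredump debugging switched on or off. */
int process_length_debug(int len, bool debug)
{
    kr_debug_assumption = debug;
    return process_length(len);
}
```

With kr_debug_assumption set, the parent still returns -1 from the failing call while the forked child aborts, which is the coredump-without-downtime behaviour the description aims at.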
