Context

Sapling (src/lib_sapling) uses its own error management style. This MR changes things:

First, it pushes assertion checks closer to the FFI calls. The FFI is written in an error-conscious style where functions can only fail if the input is invalid. Input cannot be invalid in our wrapper because the type of inputs are abstract and must be constructed by, ultimately, the FFI.
Second, it adapts to the few changes in the interface that follows from the previous point.
Third, it opens Tezos_lwt_result_stdlib.Lwtreslib's module via the dune file. This forces us to consider some corner cases that have been ignored so far. Specifically, the cases where some negative lengths are passed as arguments.

Note that:

before the MR a negative dummy inputs was simply clipped to 0, before the MR a negative dummy outputs would cause Invalid_argument in a function call to OCaml's Stdlib.List.init, after the MR both cases raise Invalid_argument,
the failure happens early (at function entrance)
the payload of the failure is specific (indicating the function name in sapling rather than the function name in OCaml's stdlib)
the failure mode is now documented (via an @raise in the docstring)

Manually testing the MR

N/A

Document the interface of any function added or modified (see the coding guidelines)
Provide automatic testing (see the testing guide).
N/A Add item in the Development Version section of CHANGES.md (only for new features and bug fixes).

Edited Jan 04, 2021 by Raphaël Proust