Fail earlier on coercions from "too big" `BigInteger` into fixed-size types (`int`, `long`, `short`)

[cowtowncoder]

(note: offshoot of FasterXML/jackson-databind#2157)

There is a potential Denial-of-Service attack vector in which attacker may include long BigIntegers, with size like 1 million digits (which is still feasible to send), targeted at processing that expects one of Java's fixed-length "small" integer types (int, long most commonly), and cause asymmetrically high processing load. This because JDK's conversion from BigInteger to these types is surprisingly slow; and because Jackson tries to retain accuracy

[cowtowncoder]

Note to self: first patch covers cases where int, long are expected for _parseSlowInt(). But it was suggested cases for float and double (from JSON integer) should also be handled -- this is probably true, but I need to make sure I understand where this code path comes from, and then apply appropriately.

[cowtowncoder]

I think I will consider first part done; if and when potential gaps are found let's create new issues.