tidjean commented Oct 24, 2025

Add defensive validation to prevent kernel panics when corrupted space map data is encountered during pool import. Instead of panicking, the system now logs corruption and continues in read-only mode.

Changes:

  • space_map.c: Add bounds checking in space_map_load_callback to skip zero-sized and out-of-bounds entries
  • range_tree.c: Add defensive check in zfs_range_tree_remove_impl to detect corrupted segment bounds and recover gracefully

Motivation and Context

Description

How Has This Been Tested?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Quality assurance (non-breaking change which makes the code more robust against bugs)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

Add defensive validation to prevent kernel panics when corrupted
space map data is encountered during pool import. Instead of
panicking, the system now logs corruption and continues in
read-only mode.

Changes:
- space_map.c: Add bounds checking in space_map_load_callback to
  skip zero-sized and out-of-bounds entries
- range_tree.c: Add defensive check in zfs_range_tree_remove_impl
  to detect corrupted segment bounds and recover gracefully

Signed-off-by: Tidjean <[email protected]>
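
The kind of entry validation the description refers to, as an added example that is not the pull request's code or OpenZFS source: it skips zero-sized and out-of-bounds entries and tests the upper bound without computing `offset + size`, so an oversized length cannot wrap around and pass. The `sm_entry` and `sm_load_result` types, all function names, and the sample values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical simplified entry: the run [offset, offset + size). */
struct sm_entry { uint64_t offset; uint64_t size; };

/* Hypothetical load summary; read_only is set once corruption is seen. */
struct sm_load_result { size_t accepted; size_t skipped; bool read_only; };

/*
 * True if e lies wholly inside [start, end). The size is compared with
 * the room left after offset, so no addition can overflow.
 */
static bool
sm_entry_valid(const struct sm_entry *e, uint64_t start, uint64_t end)
{
	if (e->size == 0)
		return (false);
	if (e->offset < start || e->offset >= end)
		return (false);
	return (e->size <= end - e->offset);
}

/* Copy valid entries to out (capacity >= n); count the rest, never abort. */
static struct sm_load_result
sm_load_filter(const struct sm_entry *in, size_t n, uint64_t start,
    uint64_t end, struct sm_entry *out)
{
	struct sm_load_result r = { 0, 0, false };

	for (size_t i = 0; i < n; i++) {
		if (sm_entry_valid(&in[i], start, end)) {
			out[r.accepted++] = in[i];
		} else {
			r.skipped++;
			r.read_only = true;
		}
	}
	return (r);
}

/* Constructed sample for the range [0x1000, 0x9000). */
static struct sm_load_result
sm_demo(void)
{
	static const struct sm_entry in[] = {
		{ 0x1000, 0x2000 },              /* valid */
		{ 0x4000, 0 },                   /* zero-sized */
		{ 0x9000, 0x1000 },              /* starts at the end bound */
		{ 0x8000, 0x2000 },              /* runs past the end bound */
		{ 0x2000, UINT64_MAX - 0xfff },  /* offset + size wraps to 0x1000 */
		{ 0x8000, 0x1000 },              /* valid, ends exactly at end */
	};
	struct sm_entry out[6];
	return (sm_load_filter(in, 6, 0x1000, 0x9000, out));
}
```
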
Member

amotin commented Oct 24, 2025

On a quick look this looks like a pretty narrow solution. Please see this discussion: #17094 (comment).
