Range

[Dspil]

This PR adds range for slices and arrays.
Slices and arrays have the same behavior regarding range. The general transformation to support that is the following:
Given a simple range loop in gobra:

<invariants>
for i, j := range x {
	<body>
}

It is transformed into:

var i int
var j <type of elements of x>
<invariants>
invariant 0 <= i && i <= len(x)
invariant 0 <= i && i < len(x) ==> j == x[i]
while i < len(x) {
    <body>
    i += 1
    if (i < len(x)) j = x[i]
}

The extra invariants are added after the user provided invariants as the second one refers to the expression in range and the user has to have provided an invariant granting access to that before.

In the case where we have a normal assignment for i, j = range x and not a short one, the transformation is the same, minus the variable declarations. In this case i and j could be any lvalues.

[jcp19]

Apart for the small comments we discussed in person, LGTM! I am in favor of merging it but I would like the opinion of @Felalolf or @ArquintL before doing so - in particular, I wonder whether we should just require the user to write the invariants by hand at all the times instead of trying to generate the obvious ones. The disadvantage of doing so is that (1) we have more code, (2) it might make error messages a bit obscure as shown in test case src/test/resources/regressions/features/loops/range-fail2.gobra

[Felalolf]

I do not like that the transformation is handled by the desugarer, but since it is urgent, we can go with this solution until we might change it.