ANDROID: rust_binder: print and avoid underflow with invalid refcnt

Userspace may send invalid refcount changes that correspond to handles
that do not exist, or are otherwise invalid decrements. (For example, a
weak decrement on a node that only has strong refs.) When such invalid
usage of the userspace API happens, just print and do not change the
refcnt.

This fixes a crash on underflow when computing `0-1` with an unsigned
integer.

Bug: 426101719
Reported-and-tested-by:  <syzbot+983b7a2aeabc09449c43@syzkaller.appspotmail.com>
Fixes: dac7c66b ("ANDROID: rust_binder: move Rust Binder in preparation for GKI module")
Change-Id: I987a5dd3a4b028c0dc843fc3b3a4e0087a46fd37
Signed-off-by: Alice Ryhl <aliceryhl@google.com>