add runtime sanity checks

In contrast to most of the other parts of the codebase, the "sexpr"
utility and manipulation code deals with a lot of raw pointers. This
change adds a number of runtime assertions and null pointer checks
so that potential future bugs in consumers of the API will trigger
an exception instead of generating invalid memory reads or writes.

Still, correct could should never trigger any of the newly added
runtime errors; every thrown exception is considered a bug.