rust-embedded/cortex-m

Check that `SYST.set_reload`'s argument is valid

Ecco opened this issue · 1 comment

Ecco commented

`SYST.set_reload` takes a number of cycles as an argument. Even though the type of this argument is a `u32`, only values that fit in 24 bits are valid. The code does document this caveat; however, in practice there is no check being enforced.

As a result, it's very easy to pass a value that's too large and that will silently overflow, leading to hard-to-diagnose incorrect behavior.

Would it make sense to add an assertion about the argument there?

newAM commented

The discussion about handling out-of-range inputs has been happening in the WG meetings and rust-embedded/riscv#212.

Cortex-M should adopt whatever comes out of that for a similar experience across architectures as @romancardenas suggested.
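The range check requested in this issue, sketched as an added host-side example; it is not code from the cortex-m crate or from either commenter, and it does not anticipate what the WG discussion will decide. The names `RELOAD_MAX`, `ReloadError`, `truncated_reload`, `checked_reload` and `reload_for_period` are hypothetical, the clock and period values are constructed, and the masking in `truncated_reload` is an assumed model of the silent overflow the issue describes.

```rust
// Added example: host-side model, not cortex-m crate code. All names are hypothetical.
/// Largest value that fits in the 24 bits the issue says are valid.
pub const RELOAD_MAX: u32 = 0x00FF_FFFF;

#[derive(Debug, PartialEq)]
pub enum ReloadError {
    /// Requested period is shorter than one core clock cycle.
    Zero,
    /// Reload value does not fit in 24 bits; carries the requested value.
    TooLarge(u64),
}

/// Assumed model of the unchecked write: bits 31:24 are silently dropped.
pub fn truncated_reload(value: u32) -> u32 {
    value & RELOAD_MAX
}

/// Range-checked alternative to passing a raw u32 straight through.
pub fn checked_reload(value: u32) -> Result<u32, ReloadError> {
    if value > RELOAD_MAX {
        Err(ReloadError::TooLarge(u64::from(value)))
    } else {
        Ok(value)
    }
}

/// Reload value for a period in microseconds at `core_hz`.
/// The counter wraps every RELOAD + 1 cycles, hence the `- 1`.
pub fn reload_for_period(core_hz: u32, period_us: u32) -> Result<u32, ReloadError> {
    let ticks = u64::from(core_hz) * u64::from(period_us) / 1_000_000;
    if ticks == 0 {
        return Err(ReloadError::Zero);
    }
    let reload = ticks - 1;
    if reload > u64::from(RELOAD_MAX) {
        return Err(ReloadError::TooLarge(reload));
    }
    Ok(reload as u32)
}

fn main() {
    // Constructed input: 168 MHz core clock, 1 s requested period.
    let wanted: u32 = 168_000_000 - 1;
    println!("unchecked: {} cycles kept of {}", truncated_reload(wanted), wanted);
    println!("checked 1 s:  {:?}", reload_for_period(168_000_000, 1_000_000));
    println!("checked 1 ms: {:?}", reload_for_period(168_000_000, 1_000));
}
```

Under these assumptions, a 1 s request at 168 MHz would leave a reload of 227,839 cycles (about 1.36 ms) after truncation, which is why the failure is hard to diagnose without the check.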