git.ipfire.org Git - thirdparty/systemd.git/commit
uid-range: fix out-of-bounds write in uid_range_partition() 42732/head
author Luca Boccassi <luca.boccassi@gmail.com>
Wed, 24 Jun 2026 12:56:37 +0000 (13:56 +0100)
committer Luca Boccassi <luca.boccassi@gmail.com>
Thu, 25 Jun 2026 09:28:54 +0000 (10:28 +0100)
commit d30e87ea49b2dc1dc6277ca447b0aaac03f49cde
tree ea32ff9b422db2f9995eabfb92394c62634b9721
parent f66144cf2acf51dda7e0a44f7590fc102e596c13
uid-range: fix out-of-bounds write in uid_range_partition()

uid_range_partition() filled the grown entries[] buffer backwards in
place. The backward-fill invariant (the write cursor stays above the
read index) only holds when every source entry contributes at least
one partition; an entry with nr < size contributes zero, so the cursor
stalls while the read index keeps descending. A later multi-part
entry's writes then overwrite the still-live zero-part slot, the
corrupted slot is re-read as a one-part entry, and the next
range->entries[--t] underflows.

Add a forward compaction first pass that drops the zero-part entries
before the backward fill.

Follow-up for 025439faaa8c053fab9fd01fb5f45fb819408bc5

Co-Authored-by: Paul Meyer <katexochen0@gmail.com>
src/basic/uid-range.c
src/test/test-uid-range.c
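
The failure mode and the two-pass fix described in the commit message, as a simplified C model added here for illustration; it is not systemd's code. `Entry`, `backward_fill_invariant_holds()` and `partition_in_place()` are hypothetical names, and the caller is assumed to pass the real buffer capacity in `cap`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a range entry (hypothetical, not systemd's struct). */
typedef struct { uint32_t start, nr; } Entry;

/* Index-only simulation of a backward in-place fill done WITHOUT compaction.
 * Returns false if some write would land on a slot that has not been read
 * yet, i.e. the write cursor drops below the read index. Writes nothing. */
bool backward_fill_invariant_holds(const Entry *e, size_t n, uint32_t size) {
    if (size == 0) return false;
    size_t t = 0;
    for (size_t i = 0; i < n; i++)
        t += e[i].nr / size;
    for (size_t i = n; i > 0; i--) {
        size_t parts = e[i - 1].nr / size;
        /* Writes cover slots [t - parts, t); slots below i - 1 are unread. */
        if (parts > 0 && t - parts < i - 1)
            return false;
        t -= parts;
    }
    return true;
}

/* Splits e[0..n) in place into chunks of exactly `size`; entries with
 * nr < size are dropped. cap is the buffer capacity in entries. Returns the
 * new entry count, or (size_t) -1 if size is 0 or the result will not fit. */
size_t partition_in_place(Entry *e, size_t n, size_t cap, uint32_t size) {
    if (size == 0) return (size_t) -1;
    size_t kept = 0, total = 0;
    /* Pass 1: forward compaction, so every survivor yields >= 1 part. */
    for (size_t i = 0; i < n; i++) {
        if (e[i].nr < size) continue;
        total += e[i].nr / size;
        e[kept++] = e[i];
    }
    if (total > cap) return (size_t) -1;
    /* Pass 2: backward fill; t >= i now holds whenever slot i - 1 is read. */
    size_t t = total;
    for (size_t i = kept; i > 0; i--) {
        Entry src = e[i - 1];  /* copy first: its own slot may be rewritten */
        for (uint32_t j = src.nr / size; j > 0; j--)
            e[--t] = (Entry) { src.start + (j - 1) * size, size };
    }
    return total;
}
```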