Add range safety check for range_mod and range_del
    
    range_mod and range_del command could easily create objects with
    ID which is suddenly out of specified range. This could cause issues
    in trust scenarios where range objects are used for computation of
    remote IDs.
    
    Add validator for both commands to check if there is any object with
    ID in the range which would become out-of-range as a pre_callback.
    Also add unit tests testing this new validator.
    
    https://fedorahosted.org/freeipa/ticket/2919