gracefully handle invalid DAGs from the database

[davepacheco]

See

steno/src/saga_exec.rs

Lines 1072 to 1074 in 0c71fe5

	// TODO-robustness we validate that there's exactly one final
	// node when we build the DAG, but we should also validate it
	// during recovery or else fail more gracefully here. See #32.

It's unclear how high priority this is. This should be impossible because we validate DAGs before we write them to the database. And we only intend to run a given saga with a given Nexus version. However, if we ever did mess this up, a Nexus instance running that saga would wind up in a panic loop, which is pretty bad.

[davepacheco]

Also covered in #32.