preemptive.rs: Use Instant::checked_add instead of raw subtraction

The implementations of Add / Sub (et al.) on std::time::Instant can panic if the underlying OS structure can't represent the result (like #266 (closed)). Use Instant::checked_add and print a warning instead, to prevent panicking.

Also, we now add instead of subtracting; I suspect it's reasonable that you might not be able to go backward past the first Instant created on some platforms, but going forward should probably work?