Move shadow translation endpoint tweak out of translation routine

[derekbruening]

This was noticed in PR #2300
#2300 (comment)

umbra_xl8_app_to_shadow() contains an extra step where it does:

    /* special handling on case like 0x800'00000000 & 0xff'ffffffff */
    if (pc != 0 && addr == map->disp)
        addr += (map->mask + 1);

This is of course not present in the inlined instrumentation translation, which by design does not contain branches and only does masks and adds.

This is just trying to obtain the corresponding end of the shadow mapping for an app region with an open endpoint. So if this is our app region and it does not include 0x800':

 *   app2: [0x000007F0'00000000, 0x00000800'00000000): lib

It's trying to let you ask about the end of that region's shadow memory by passing the open end of the app region.
But that's just confusing to be present in regular translation, and does the wrong thing if passed an actual address.

Instead, callers who know they are asking about the endpoint should pass -1 and then do +1 like this:

https://github.com/DynamoRIO/drmemory/pull/2301/files#diff-e88a4a2cc5d58ef58b542c5ec5473ac798f340de617d3b32bfc157fec6494566R51

This issue covers removing that tweak and doing -1,+1 in whatever callers are asking about endpoints.