As suggested on D105733, this adds a verifier rule that calls to intrinsics must match the signature of the intrinsic.
Without opaque pointers this is automatically enforced for all calls, because the pointer types need to match. If the signatures don't match, a pointer bitcast has to be inserted. For intrinsics in particular, such bitcasts are not legal, because the address of intrinsics cannot be taken.
With opaque pointers, there are no more pointer bitcasts, so it's generally possible for the call and the callee signature to differ. However, for intrinsics we still want to enforce that the signature must match, the same as was done before through the address taken check.
We can't enforce this more generally for non-intrinsics, because calls with mismatched signature at the very least can legally occur in unreachable code, and might also be valid in some other cases, depending on how exactly the signatures differ.