Dominik Inführ authored
Slots in free memory need to be removed. After a GC the JS application can create additional free memory by either left- or right-trimming of heap objects. The sweeper might discover memory that was freed because of such operations. In case the sweeper discovers free memory, there can't be any recorded slots in it. Otherwise subsequent allocations might store untagged values in those slots and the next deref would most likely crash.

Remove OLD_TO_SHARED slots in freed memory when left-trimming, right-trimming and for DeleteObjectPropertyFast. Also full GC was right-trimming objects which now needs to remove slots in OLD_TO_SHARED.

Bug: v8:11708
Change-Id: I5761336e103704929fbd455d74bdbb499ae23f61
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3905144
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#83314}
ec4b480e