JSHeapBroker::ReadFeedbackForCall() - it may be that the JSFunction
we read in the feedback vector hasn't been store-ordered and is
therefore unsafe to read. Therefore, we need to call the gc
predicate to ensure safety.

JSFunctionRef::feedback_vector() & raw_feedback_cell() - I was able
to remove the TODO warning about uninitialized data visible from
a direct read of these fields from the background. This is because
we either store-order into those fields, or rely on a prior
store-ordering. Additionally, FeedbackVectorRef and FeedbackCellRef
are never-serialized objects, so their first encounter on the
background thread is fine (we don't need to have seen and
serialized them on the main thread first).

Bug: v8:7790
Change-Id: I9cd19999e70fadcf62778dac2b0f679966a4a53f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3026708Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75720}