When the interface descriptor of a builtin uses DEFINE_JS_PARAMETERS, the extra stack arguments must be positioned just above the return address, otherwise we would need to calculate its offset depending on the actual number of the arguments, we currently use a fixed offset to access them in CSA.

Therefore, these extra arguments are either the first arguments when V8_REVERSE_JSARGS is enabled or otherwise the last arguments.

Change-Id: If38ac7fd7f0079fc0e4fdccdb6cfb26e0425eb84
Bug: v8:10825
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2379854Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69714}