jgruber authored
One of the serializer fuzzers passes in random data to the deserializer, which can then be used to deserialize a JSRegExp instance with random flag contents. This can cause issues since the JSRegExp::Flag enum statically contains kDotAll - but it is only valid to set kDotAll iff FLAG_harmony_regexp_dotall is set.

This CL verifies deserialized flags before constructing the JSRegExp and bails out if they are invalid.

R=jbroman@chromium.org,yangguo@chromium.org
BUG=chromium:719280
Review-Url: https://codereview.chromium.org/2870743004
Cr-Commit-Position: refs/heads/master@{#45222}
540419b6
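The check the commit message describes, as an added C++ illustration that is not V8's code: a deserializer treats the flags word as untrusted input and rejects any bit that is not valid for the current runtime configuration, with kDotAll accepted only when the harmony_regexp_dotall feature is on. The bit values, the record layout and the function names are assumptions; only kDotAll and the feature flag come from the message.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Flag bits modelled loosely on V8's JSRegExp::Flag (values assumed here).
enum Flag : uint32_t {
  kNone = 0,
  kGlobal = 1u << 0,
  kIgnoreCase = 1u << 1,
  kMultiline = 1u << 2,
  kSticky = 1u << 3,
  kUnicode = 1u << 4,
  kDotAll = 1u << 5,  // only meaningful when the dotAll feature is enabled
};

// Mask of flags the runtime accepts; kDotAll is gated on the feature flag
// (the equivalent of FLAG_harmony_regexp_dotall in the commit message).
uint32_t AllowedFlagMask(bool harmony_regexp_dotall) {
  uint32_t mask = kGlobal | kIgnoreCase | kMultiline | kSticky | kUnicode;
  if (harmony_regexp_dotall) mask |= kDotAll;
  return mask;
}

// True iff every set bit in `flags` is currently a valid flag.
bool FlagsAreValid(uint32_t flags, bool harmony_regexp_dotall) {
  return (flags & ~AllowedFlagMask(harmony_regexp_dotall)) == 0;
}

struct RegExpRecord {
  std::string source;
  uint32_t flags;
};

// Toy record format (assumed): 4-byte little-endian flags, 1-byte source
// length, then the source bytes. Bails out with nullopt instead of
// constructing a RegExpRecord from invalid flags, as the CL does for JSRegExp.
std::optional<RegExpRecord> DeserializeRegExp(const std::vector<uint8_t>& in,
                                              bool harmony_regexp_dotall) {
  if (in.size() < 5) return std::nullopt;
  uint32_t flags = uint32_t(in[0]) | (uint32_t(in[1]) << 8) |
                   (uint32_t(in[2]) << 16) | (uint32_t(in[3]) << 24);
  if (!FlagsAreValid(flags, harmony_regexp_dotall)) return std::nullopt;
  size_t len = in[4];
  if (in.size() != 5 + len) return std::nullopt;  // truncated or oversized
  return RegExpRecord{std::string(in.begin() + 5, in.end()), flags};
}
```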