This CL changes the accounting of array buffers, such that Detach
deducts the backing store immediately. Previously this was corrected
in the next GC cycle.

Not updating backing_store_bytes_ immediately could cause an overflow
in WasmMemoryObject::Grow. Grow first detaches the backing store from
the old JSArrayBuffer and then attaches it to a new one. This results
in the backing store being accounted twice temporarily, this could cause
overflows on 32-bit systems.

Bug: chromium:1204455
Change-Id: I7cf2ca9a12bb5caf7bcffa25a34567774cf155b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2871458
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74429}