Fix invalid read of language mode from StorePropertyParameters.

Fixes an invalid cast of an Operator1<StorePropertyParameters> object
to Operator1<LanguageMode> by reading the language mode from
StorePropertyParameters. This code happened to work before because
StorePropertyParameters's first field has type LanguageMode.

Cleanup for cfi_vptr=1; see https://www.chromium.org/developers/testing/control-flow-integrity

BUG=chromium:457523
R=bmeurer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1311393008

Cr-Commit-Position: refs/heads/master@{#30493}

src/compiler/js-generic-lowering.cc

@@ -371,7 +371,7 @@ void JSGenericLowering::LowerJSLoadGlobal(Node* node) {
 void JSGenericLowering::LowerJSStoreProperty(Node* node) {
   CallDescriptor::Flags flags = AdjustFrameStatesForCall(node);
   const StorePropertyParameters& p = StorePropertyParametersOf(node->op());
-  LanguageMode language_mode = OpParameter<LanguageMode>(node);
+  LanguageMode language_mode = p.language_mode();
   // We have a special case where we do keyed stores but don't have a type
   // feedback vector slot allocated to support it. In this case, install
   // the megamorphic keyed store stub which needs neither vector nor slot.