[sandbox] Fix --stress-snapshot after recent sandbox changes

There seem to be some issues with sandboxed external references in the
serializer which cause the --stress-snapshot mode to fail. This CL
changes the serializer to serialize external pointers that are
unsandboxed (currently all of them) as "regular" external references,
not "sandboxed" ones. This should fix the issues on the bots.

Bug: v8:10391
Change-Id: I2f889e1d0aa9c5958d4f4337e114423b650c1bb2
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3755148Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81643}

src/snapshot/serializer.cc

@@ -954,10 +954,7 @@ void Serializer::ObjectSerializer::OutputExternalReference(
     Address target, int target_size, bool sandboxify, ExternalPointerTag tag) {
   DCHECK_LE(target_size, sizeof(target));  // Must fit in Address.
   DCHECK_IMPLIES(sandboxify, V8_ENABLE_SANDBOX_BOOL);
-  // Only when V8_SANDBOXED_EXTERNAL_POINTERS is enabled are all external
-  // pointers currently actually sandboxed (i.e. have a non-null tag).
-  DCHECK_IMPLIES(V8_SANDBOXED_EXTERNAL_POINTERS_BOOL && sandboxify,
-                 tag != kExternalPointerNullTag);
+  DCHECK_IMPLIES(sandboxify, tag != kExternalPointerNullTag);
   ExternalReferenceEncoder::Value encoded_reference;
   bool encoded_successfully;
 
@@ -1080,7 +1077,8 @@ void Serializer::ObjectSerializer::VisitExternalPointer(
     // Output raw data payload, if any.
     OutputRawData(slot.address());
     Address value = slot.load(isolate(), tag);
-    constexpr bool sandboxify = V8_ENABLE_SANDBOX_BOOL;
+    const bool sandboxify =
+        V8_ENABLE_SANDBOX_BOOL && tag != kExternalPointerNullTag;
     OutputExternalReference(value, kSystemPointerSize, sandboxify, tag);
     bytes_processed_so_far_ += kExternalPointerSlotSize;