[heap] track byte_length in ArrayBufferTracker

This changes ArrayBufferTracker to count array buffer byte length instead of
allocation length. Byte length better approximates actual memory pressure
because it refers to how many bytes are actually committed, whereas for
allocation length, these bytes may be reserved but not committed.

Note that we still need to be careful about address space exhaustion. Most
address space is used by WebAssembly's guard regions. These are now managed by
WasmMemoryTracker to ensure we do not consume too much address space.

As a side effect, this CL fixes v8:7576 because byte_length() does not need to
access the is_wasm_memory field whereas allocation_length() does.

Bug: v8:7576
Change-Id: Ib974e86ec61e170930c835f0f0ad03e89dc02854
Reviewed-on: https://chromium-review.googlesource.com/973884Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52155}

src/heap/array-buffer-tracker-inl.h

@@ -54,7 +54,7 @@ void LocalArrayBufferTracker::Free(Callback should_free) {
   for (TrackingData::iterator it = array_buffers_.begin();
        it != array_buffers_.end();) {
     JSArrayBuffer* buffer = reinterpret_cast<JSArrayBuffer*>(*it);
-    const size_t length = buffer->allocation_length();
+    const size_t length = buffer->byte_length()->Number();
     if (should_free(buffer)) {
       buffer->FreeBackingStore();
       it = array_buffers_.erase(it);