[sandbox] Fix verify_csa mode when the sandbox is enabled

For the purpose of graph verification, a SandboxedPointer is equivalent
to a Word64. The SandboxedPointer representation only affects lowering,
which needs to perform encoding/decoding of the pointer when
storing/loading it to/from the heap. As such, this CL promotes
kSandboxedPointer to kWord64 representation for graph verification.

Bug: v8:10391
Change-Id: I466f03dc7bbe9ed8f7b4f431aee5b14bd6db3d31
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3483658Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79225}

src/compiler/machine-graph-verifier.cc

@@ -85,6 +85,10 @@ class MachineRepresentationInferrer {
       case MachineRepresentation::kWord16:
       case MachineRepresentation::kWord32:
         return MachineRepresentation::kWord32;
+      case MachineRepresentation::kSandboxedPointer:
+        // A sandboxed pointer is a Word64 that uses an encoded representation
+        // when stored on the heap.
+        return MachineRepresentation::kWord64;
       default:
         break;
     }