Dominik Inführ authored
ShouldVisit() uses obj.Size() to increment the live bytes counter after the object was successfully marked grey. However, this re-reads the length field which could have already been overwritten by a concurrent left-trimming operation on the main thread. Fix this by calculating the object size later with the length field we read before marking that object black. That value is guaranteed to be a SMI.

Bug: chromium:1273352
Change-Id: I47e5a2df3eef61b4ef07af943f30123e5c2f7f9d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302793
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78093}
956d32e3
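
The double-read pattern this commit message describes, as an added example that is not V8 code and not part of the commit: a simplified model in which the interleaving with the trimming thread is forced deterministically. `ArrayModel`, `kFillerWord`, `LeftTrim` and the size constants are hypothetical names and constructed values.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Simplified model for illustration; names and layout are assumptions, not V8's.
// A word with low bit 0 is a small integer (SMI) holding value << 1.
constexpr uintptr_t kFillerWord = 0xdead0001;  // constructed non-SMI word left by a trim
constexpr size_t kHeaderSize = 16, kElementSize = 8;

struct ArrayModel {
  std::atomic<uintptr_t> length_word;
  std::atomic<bool> marked{false};
  explicit ArrayModel(uintptr_t n) : length_word(n << 1) {}
};

bool IsSmi(uintptr_t w) { return (w & 1) == 0; }
size_t SizeFor(uintptr_t w) { return kHeaderSize + (w >> 1) * kElementSize; }

// Returns true only for the caller that wins the marking race.
bool TryMark(ArrayModel& o) {
  bool expected = false;
  return o.marked.compare_exchange_strong(expected, true);
}

// Stands in for the main thread left-trimming at the worst possible moment.
void LeftTrim(ArrayModel& o) { o.length_word.store(kFillerWord); }

// Before: live bytes are derived from a length re-read after marking.
size_t VisitRereadingLength(ArrayModel& o) {
  if (!TryMark(o)) return 0;
  LeftTrim(o);  // interleaving forced here so the outcome is deterministic
  return SizeFor(o.length_word.load());
}

// After: the length is read once, before marking, and reused for the size.
size_t VisitWithSnapshot(ArrayModel& o) {
  const uintptr_t length = o.length_word.load();
  if (!TryMark(o)) return 0;
  LeftTrim(o);
  return SizeFor(length);
}

int main() {
  ArrayModel a(4), b(4);
  std::printf("re-read:  %zu bytes\n", VisitRereadingLength(a));
  std::printf("snapshot: %zu bytes\n", VisitWithSnapshot(b));
}
```

The re-reading variant feeds an overwritten, non-SMI word into the size calculation and corrupts the live-bytes total, while the snapshot variant accounts for the size the object had when it was marked.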