Crash under ReportingScope::unregisterReportingObserver()

https://bugs.webkit.org/show_bug.cgi?id=260038
rdar://113533957

Reviewed by David Kilzer.

The ReportingScope keeps the ReportingObservers alive via its `m_reportingObservers`
vector. The crash would happen because ReportingScope::removeAllObservers() would
call clear() on this vector, which may cause ReportingObserver objects to get
destroyed. In turn, the ReportingObserver destructor would call
ReportingScope::unregisterReportingObserver() to unregister itself. This would
try to modify the vector while it is in the middle of getting cleared.

To address the issue, the ReportingObserver destructor no longer attempts to
unregister itself from the ReportingScope. Since the ReportingScope keeps a
strong reference to the observers, there is no way the observer is still
registered if its destructor gets called.

* Source/WebCore/Modules/reporting/ReportingObserver.cpp:
(WebCore::ReportingObserver::~ReportingObserver): Deleted.
* Source/WebCore/Modules/reporting/ReportingScope.cpp:
(WebCore::ReportingScope::unregisterReportingObserver):

Canonical link: https://commits.webkit.org/266791@main

Source/WebCore/Modules/reporting/ReportingObserver.cpp

@@ -77,10 +77,7 @@ ReportingObserver::ReportingObserver(ScriptExecutionContext& scriptExecutionCont
 {
 }
 
-ReportingObserver::~ReportingObserver()
-{
-    disconnect();
-}
+ReportingObserver::~ReportingObserver() = default;
 
 void ReportingObserver::disconnect()
 {

Source/WebCore/Modules/reporting/ReportingScope.cpp

@@ -65,7 +65,7 @@ void ReportingScope::registerReportingObserver(ReportingObserver& observer)
 
 void ReportingScope::unregisterReportingObserver(ReportingObserver& observer)
 {
-    m_reportingObservers.removeFirstMatching([&observer](auto item) {
+    m_reportingObservers.removeFirstMatching([&observer](auto& item) {
         return item.ptr() == &observer;
     });
 }