Harden Wasmtime's compiled GC code against corruption

[alexcrichton]

In the spirit of #13320 this commit goes through the compiled code for the GC proposal to ensure that, in the face of GC corruption, Wasmtime by default can recover and return a "bug" to the embedder. This was also discussed a bit in #13112 as well, and the changes made here are:

• Plumbing traps from translation into the runtime now uses a new CompiledTrap enum instead of just the normal Trap. This new enum has branches for InternalAssert (not previously present) and additionally GcHeapCorrupted (now added).
• Whether or not CompiledTrap::{InternalAssert,GcHeapCorrupted} is encoded into the final *.cwasm is now a Tunables configuration option. Internal asserts are not encoded by default but GC heap corruption is.
• Traps caught as CompiledTrap::{InternalAssert,GcHeapCorrupted} are turned into WasmtimeBug and propagated upwards. Traps stay as normal traps.
• All memory accesses to the GC heap now use CompiledTrap::GcHeapCorrupted as their trap code. Additionally they're also no longer marked as readonly in a few places.
• A few locations in GC translation using InternalAssert now use GcHeapCorrupted, such as the checked arithmetic around array lengths. Other assertions which are about control flow are left untouched.

The end state is that faults in the GC heap in compiled code itself should show up as a bug! on the other end by default. This requires extra metadata in *.cwasms mapping traps, but this is similar to linear-memory-using-wasms which have lots of trap metadata for loads/stores. Being able to catch InternalAssert as a first-class error (as opposed to a signal) is a debugging nicety I've added here but remains off-by-default to avoid bloating *.cwasms for internal debugging.

Closes #13112

[github-actions]

Subscribe to Label Action

cc @fitzgen

Details

This issue or pull request has been labeled: "fuzzing", "wasmtime:api", "wasmtime:config"

Thus the following users have been cc'd because of the following labels:

• fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Learn more.

[github-actions]

Label Messager: wasmtime:config

It looks like you are changing Wasmtime's configuration options. Make sure to
complete this check list:

• If you added a new Config method, you wrote extensive documentation for
  it.

  Details

  Our documentation should be of the following form:

  Short, simple summary sentence.
  
  More details. These details can be multiple paragraphs. There should be
  information about not just the method, but its parameters and results as
  well.
  
  Is this method fallible? If so, when can it return an error?
  
  Can this method panic? If so, when does it panic?
  
  # Example
  
  Optional example here.
  

• If you added a new Config method, or modified an existing one, you
  ensured that this configuration is exercised by the fuzz targets.

  Details

  For example, if you expose a new strategy for allocating the next instance
  slot inside the pooling allocator, you should ensure that at least one of our
  fuzz targets exercises that new strategy.

  Often, all that is required of you is to ensure that there is a knob for this
  configuration option in wasmtime_fuzzing::Config (or one
  of its nested structs).

  Rarely, this may require authoring a new fuzz target to specifically test this
  configuration. See our docs on fuzzing for more details.

• If you are enabling a configuration option by default, make sure that it
  has been fuzzed for at least two weeks before turning it on by default.

---

Details

To modify this label's message, edit the .github/label-messager/wasmtime-config.md file.

To add new label messages or remove existing label messages, edit the
.github/label-messager.json configuration file.

Learn more.