Handle FETCH_DIM_R after FETCH_DIM_FUNC_ARG in inference

This can happen if a call is optimized, but FETCH_DIM_FUNC_ARG
cannot be converted to FETCH_DIM_R because it uses an UNUSED op2,
which is not supported by FETCH_DIM_R.

Fixes oss-fuzz 6144185837682688.

Author: nikic

Zend/tests/func_arg_fetch_optimization.phpt

@@ -0,0 +1,15 @@
+--TEST--
+FETCH_DIM_FUNC_ARG that cannot be optimized to FETCH_DIM_R because it appends
+--FILE--
+<?php
+function test($x) {
+    test($x[][$y]);
+}
+try {
+    test([]);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Cannot use [] for reading

ext/opcache/Optimizer/zend_inference.c

@@ -3389,6 +3389,7 @@ static zend_always_inline int _zend_update_type_info(
 								 * is already an object. */
 								break;
 							case ZEND_SEND_VAR:
+							case ZEND_FETCH_DIM_R:
 								/* This can occur if a DIM_FETCH_FUNC_ARG with UNUSED op2 is left
 								 * behind, because it can't be converted to DIM_FETCH_R. */
 								break;