GC borrow hazard in Document::gather_active_resize_observations_at_depth

[jdm]

There's a loop over the elements of a vector that are mutably borrowed, and then we call a method that can GC on each element.

https://github.com/servo/servo/blob/main/components/script/dom/document.rs#L3065

[jdm]

I suspect this is observable with:

1. ./mach build -d --debug-mozjs
2. ./mach test-wpt /resize-observer/observe.html --pref js.mem.gc.zeal.level=2 --pref js.mem.gc.zeal.frequency=1 --headless --timeout-multiplier=10

[jdm]

Ok, the tests in /resize-obsever/ are not enough to tickle this particular hazard because it requires a very precise setup:

• Document::Fonts() has never been called
• it's the very first layout operation
• somehow this layout operation is triggered by the resize observer loop

This is an impossible combination, I believe. It makes me want to find a way to remove the use of document.Fonts() from Window::reflow, since that's the only use of a CanGc marker and it's the reason this looks like a GC borrow hazard.