LibWeb: Do not use JS::Handle for mutation observers

Using JS::Handle in WebEngineCustomData means that mutation observers
will live as long as VM while actually they should be deallocated as
soon as they are no longer used in a script that created them.

Userland/Libraries/LibWeb/Bindings/MainThreadVM.h

@@ -49,7 +49,7 @@ struct WebEngineCustomData final : public JS::VM::CustomData {
 
     // https://dom.spec.whatwg.org/#mutation-observer-list
     // FIXME: This should be a set.
-    Vector<JS::Handle<DOM::MutationObserver>> mutation_observers;
+    Vector<JS::NonnullGCPtr<DOM::MutationObserver>> mutation_observers;
 
     JS::Handle<JS::Realm> internal_realm;
 

Userland/Libraries/LibWeb/DOM/MutationObserver.cpp

@@ -29,7 +29,13 @@ MutationObserver::MutationObserver(JS::Realm& realm, JS::GCPtr<WebIDL::CallbackT
     agent_custom_data->mutation_observers.append(*this);
 }
 
-MutationObserver::~MutationObserver() = default;
+MutationObserver::~MutationObserver()
+{
+    auto* agent_custom_data = verify_cast<Bindings::WebEngineCustomData>(vm().custom_data());
+    agent_custom_data->mutation_observers.remove_all_matching([this](auto& observer) {
+        return observer.ptr() == this;
+    });
+}
 
 void MutationObserver::initialize(JS::Realm& realm)
 {