LibJS: Grow storage when adding a property to uniquely-shaped Object

Normally the storage would be expanded by set_shape() upon transition
to a new shape, but if the shape is already unique, there is no new
transition so we have to expand the storage manually.

Libraries/LibJS/Runtime/Object.cpp

@@ -119,6 +119,7 @@ void Object::put_own_property(Object& this_object, const FlyString& property_nam
     if (!metadata.has_value()) {
         if (m_shape->is_unique()) {
             m_shape->add_property_to_unique_shape(property_name, attributes);
+            m_storage.resize(m_shape->property_count());
         } else {
             set_shape(*m_shape->create_put_transition(property_name, attributes));
         }

Libraries/LibJS/Tests/delete-globalThis-property-crash.js

@@ -0,0 +1,10 @@
+load("test-common.js");
+
+try {
+    a = 1;
+    assert(delete globalThis.a === true);
+    a = 2;
+    console.log("PASS");
+} catch (e) {
+    console.log("FAIL: " + e);
+}