AtomicReadModifyWrite is not checking shrunk ArrayBuffer after ToIntegerOrInfinity

[Constellation]

Right now, AtomicReadModifyWrite is only checking detached buffer after [ToIntegerOrInfinity](https://tc39.es/ecma262/#sec-tointegerorinfinity). This means that, if shrinking happens via this toIntegerOrInfinity, then indexedPosition can be out-of-bounds in non-shared ArrayBuffer.
Note that Atomics RMW operations can be performed onto non-shared ArrayBuffer-backing TypedArrays. (While notify / wait etc. works only for SharedArrayBuffer-backing TypedArrays). Thus, shrinking can happen via resize method.

Also, note that ValidateAtomicAccess happens before performing ToIntegerOrInfinity, so we need yet another check basically.

https://tc39.es/ecma262/#sec-atomicreadmodifywrite

[Constellation]

Also, this can be applied to Atomics.store etc.

[Constellation]

var buffer = new ArrayBuffer(128, { maxByteLength: 1024 });
var typedArray = new Int32Array(buffer);
Atomics.and(typedArray, 4, { valueOf() { buffer.resize(0); return 0; } });

[syg]

Thanks, yep, that sounds right to me. Looks to me like those IsDetached calls need to be replaced with IsIntegerIndexedObjectOutOfBounds.

Correction: IsIntegerIndexedObjectOutOfBounds isn't sufficient, we also need to recheck the index < length.