Tags: frida/frida-gum
tests: Make CFG toJSON test arch-agnostic

The block count and branch shape of the compiled target vary by architecture; on qnx-armeabi gum_toupper is a single block, which tripped the stricter assertions. Assert only that the cyclic graph round-trips through JSON without overflowing and that edges serialize as addresses.
gumjs: Add script interrupt and terminate APIs
Add two ways to stop a running script from another thread:
- gum_script_interrupt() aborts the in-flight JavaScript once and
leaves the script loaded and immediately runnable, e.g. so a REPL
can recover from a runaway evaluation after Ctrl+C.
- gum_script_terminate() aborts and tears the script down through
the regular asynchronous unload path.
interrupt() is a no-op while nothing is executing, so a request that
arrives just as an operation completes cannot abort the next,
unrelated one. Execution is tracked at the top-level scope boundary,
and a one-shot that never fires is dropped on the way out.
QuickJS polls a per-script interrupt flag through an interrupt handler
and swallows the resulting uncatchable error centrally. V8 uses
Isolate::TerminateExecution() and lifts the sticky termination state
once execution unwinds, except while terminating, where teardown is
driven by the scheduled unload instead.
Originally proposed in PR #1119.
Co-Authored-By: Ole André Vadla Ravnås <oleavr@frida.re>
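The interrupt semantics described above (a one-shot request that is ignored while nothing executes, delivered through a poll while a top-level scope is live, and dropped at scope exit if it never fired; terminate additionally driving unload) can be modelled in a few dozen lines. The following is an added illustration, not frida-gum's code: the `model_*` names, the counters and the single-threaded "run N polls" loop are assumptions made for the example. The real implementation guards this state with the script's lock and has the JS engine (QuickJS interrupt handler, V8 TerminateExecution) do the polling; here the "other thread" request is injected from inside the loop at a chosen poll index.

```c
#include <stdbool.h>
#include <stdio.h>

/* Single-threaded model of the interrupt/terminate state machine described in
 * the commit message. It is NOT frida-gum code: the real implementation guards
 * this state with the script's lock and has the JS engine poll the flag. */
typedef struct {
  int executing;            /* nesting depth of entered top-level scopes */
  bool interrupt_pending;   /* one-shot flag the engine polls */
  bool terminating;         /* terminate() requested; unload pending */
  bool loaded;
  int delivered;            /* interrupts that actually aborted execution */
  int dropped_outside;      /* requests ignored because nothing was executing */
  int dropped_on_exit;      /* one-shots cleared at scope exit without firing */
} model_script;

void model_init(model_script *s) {
  *s = (model_script){ .loaded = true };
}

/* gum_script_interrupt() analogue: a no-op while nothing executes. */
bool model_interrupt(model_script *s) {
  if (s->executing == 0) { s->dropped_outside++; return false; }
  s->interrupt_pending = true;
  return true;
}

/* gum_script_terminate() analogue: abort if running, then unload. */
void model_terminate(model_script *s) {
  s->terminating = true;
  if (s->executing > 0)
    s->interrupt_pending = true;   /* abort the in-flight work first */
  else
    s->loaded = false;             /* nothing to unwind: unload right away */
}

static void scope_enter(model_script *s) { s->executing++; }

static void scope_leave(model_script *s) {
  if (--s->executing != 0) return;            /* still inside an outer scope */
  if (s->interrupt_pending) {                 /* never fired: drop it so it */
    s->interrupt_pending = false;             /* cannot hit the next operation */
    s->dropped_on_exit++;
  }
  if (s->terminating) s->loaded = false;      /* teardown driven by unload */
}

/* Engine-side poll (QuickJS interrupt handler analogue): true means abort. */
static bool poll_interrupt(model_script *s) {
  if (!s->interrupt_pending) return false;
  s->interrupt_pending = false;
  s->delivered++;
  return true;
}

/* Run one top-level operation of `steps` polls. `arrive_at` is the poll index
 * at which a request from "another thread" lands (-1: never; == steps: just as
 * the operation completes). Returns steps completed, or -1 if unloaded. */
int model_run(model_script *s, int steps, int arrive_at) {
  if (!s->loaded) return -1;
  int done = 0;
  scope_enter(s);
  for (int i = 0; i < steps; i++) {
    if (i == arrive_at) model_interrupt(s);
    if (poll_interrupt(s)) break;      /* uncatchable error unwinds to here */
    done++;
  }
  if (arrive_at == steps) model_interrupt(s);
  scope_leave(s);
  return done;
}

int main(void) {
  model_script s;
  model_init(&s);
  printf("idle interrupt honoured: %d\n", model_interrupt(&s));      /* 0 */
  printf("untouched run: %d/10\n", model_run(&s, 10, -1));          /* 10 */
  printf("interrupted at poll 3: %d/10\n", model_run(&s, 10, 3));   /* 3 */
  printf("still runnable: %d/10\n", model_run(&s, 10, -1));         /* 10 */
  printf("late request: %d/10, dropped on exit=%d\n",
         model_run(&s, 10, 10), s.dropped_on_exit);                /* 10, 1 */
  printf("next op unaffected: %d/10\n", model_run(&s, 10, -1));     /* 10 */
  model_terminate(&s);
  printf("run after terminate: %d\n", model_run(&s, 10, -1));       /* -1 */
  return 0;
}
```

The case worth checking is the `arrive_at == steps` run: the request lands after the last poll, so it is still pending when the scope unwinds, and `scope_leave` discards it instead of letting the following, unrelated operation pick it up. In a multithreaded implementation the check in `model_interrupt` and the clear in `scope_leave` must happen under the same lock, or the request can slip through that gap.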
module: Add size to GumExportDetails

Carry each export's size so a caller can bound a function from its entry alone, mirroring GumSymbolDetails. The ELF backend fills it from st_size; backends without the information (Android linker magic, Darwin, Windows) report -1, following the symbol convention where -1 means unknown and 0 is a genuine size. Expose it on enumerateExports() results in the QuickJS and V8 runtimes, and bind both the export and symbol size in the VAPI.
process: Reject stale file mapping on Darwin

PROC_PIDREGIONPATHINFO returns the region containing the queried address or, when none does, the next region after it. Under Rosetta the latter happens for anonymous regions such as the malloc heap, so they were wrongly attributed to an unrelated file mapping and then had their size clamped to that file, hiding most of the range. Discard the result unless the queried address actually falls within the returned region.
exceptor: Divert PC on arm64e via trampoline

Let exception handlers registered via gum_exceptor_add() redirect PC and modify registers on arm64e despite XNU rejecting any modified sigreturn context. After the user handler returns TRUE, siglongjmp out of the signal handler into a trampoline that restores the requested register set and branches raw to the requested PC, bypassing sigreturn.