[release/8.0] JIT: Disallow mismatched GC-ness for physical promotions (#90739)

[release/8.0] JIT: Disallow mismatched GC-ness for physical promotions (#90739)

* JIT: Disallow mismatched GC-ness for physical promotions

Physical promotion was working under the assumption that reinterpreting
GC pointers is undefined behavior, and would happily promote GC pointers
as integers if it saw such accesses. However, physical promotion is
function wide while the UB accesses can be happening in a restricted
(dynamically unreachable) scope. This exact situation happens in
MemoryExtensions.Contains. The issue was uncovered under jit stress
where we did not fold away the guard early enough, meaning that
promotion then saw a `TYP_LONG` access of a `struct { object, int }` and
proceeded to promote it as such.

Fix #90602

* Address feedback

---------

Co-authored-by: Jakob Botsch Nielsen <jakob.botsch.nielsen@gmail.com>