chore: cherry-pick 3 changes from Release-3-M116

[ppontes]

electron/security#402 - 74a2eb9c8cb2 from chromium

Readd lock when ObserverListMap::erase()

We should lock when remove an item from the map.
This lock was accidentally removed in:
https://chromium-review.googlesource.com/c/chromium/src/+/4280021

(cherry picked from commit a41479ba6efb5e48b82edad972c7dded6f385b79)

Bug: 1469928
Change-Id: I2512e14d4ad9b246cadae947023dbccb5158da51
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4790983
Auto-Submit: Yoichi Osato yoichio@chromium.org
Reviewed-by: Yoichi Osato yoichio@chromium.org
Reviewed-by: Koji Ishii kojii@chromium.org
Commit-Queue: Koji Ishii kojii@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1187668}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4820108
Reviewed-by: Kent Tamura tkent@chromium.org
Commit-Queue: Kent Tamura tkent@chromium.org
Cr-Commit-Position: refs/branch-heads/5845@{#1666}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

electron/security#401 - 038530c94a06 from v8

Merged: [turbofan] Growing a non-JSArray packed elements kind makes it holey

Bug: chromium:1473247
(cherry picked from commit ae7dc61652805bc8e2b060d53b2b6da7cf846b6f)

Change-Id: I5268513bc91ca0cc18e3e2115244c0b090afa0da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4831892
Auto-Submit: Leszek Swirski leszeks@chromium.org
Owners-Override: Leszek Swirski leszeks@chromium.org
Commit-Queue: Darius Mercadier dmercadier@chromium.org
Reviewed-by: Darius Mercadier dmercadier@chromium.org
Commit-Queue: Leszek Swirski leszeks@chromium.org
Cr-Commit-Position: refs/branch-heads/11.6@{#34}
Cr-Branched-From: e29c028f391389a7a60ee37097e3ca9e396d6fa4-refs/heads/11.6.189@{#3}
Cr-Branched-From: 95cbef20e2aa556a1ea75431a48b36c4de6b9934-refs/heads/main@{#88340}

electron/security#400 - 26175b0903d8 from chromium

[FedCM] ReportBadMessage when the provider list is empty

The provider list should not be empty unless the API is called from a
compromised renderer.

(cherry picked from commit 3b19acb01dcea93b423aa0da56c4a9811a067353)

Change-Id: I3e497fae2343342b3ec6b17bd663f2ec1bf12d54
Bug: 1476403
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4822925
Reviewed-by: Nicolás Peña npm@chromium.org
Commit-Queue: Yi Gu yigu@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1189841}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4833411
Commit-Queue: Nicolás Peña npm@chromium.org
Auto-Submit: Yi Gu yigu@chromium.org
Cr-Commit-Position: refs/branch-heads/5845@{#1698}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

Notes:

• Security: backported fix for CVE-2023-4763.
• Security: backported fix for CVE-2023-4762.
• Security: backported fix for CVE-2023-4761.

[release-clerk]

Release Notes Persisted

• Security: backported fix for CVE-2023-4763.
• Security: backported fix for CVE-2023-4762.
• Security: backported fix for CVE-2023-4761.