Commit 8171075
Refactor V8 Sandbox fuzzing profile
Moves the randomness of the sandbox corruption engine from the JavaScript
runtime to the Swift program generator.
Functional changes:
- Splits the monolithic `corrupt(obj, seed)` JS payload into modular
entry points: `corruptDataWithBitflip`, `corruptDataWithIncrement`,
`corruptDataWithReplace`, `corruptWithWorker`, and `corruptFunction`.
- Replaces JS recursion with deterministic `pathArray` tuples generated
by Fuzzilli, explicitly passing required entropy seeds (e.g.,
`[[Step.POINTER, offsetSeed], [Step.NEIGHBOR, hashQuery]]`).
- `corruptFunction` evaluates the entire traversal path first and only
hijacks the function if the final target is a JSFunction.
- `corruptWithWorker` only sets up a background flipping race condition.
- Operations, sizes, bit positions, sub-field offsets, and BigInt increment
values are now calculated natively by Fuzzilli and passed to JS as explicit
arguments.
- Deletes the JS `Mutator` and `RNG` classes entirely, rendering the JS
payload completely state-free.
- Adds startup tests to explicitly verify the parser and read-only safety logic
for all new corruption entry points.
Bug: 490512258, 490522975
Change-Id: Ia4459efa2526ecd46aa6db441657905c057e1e37
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9053496
Reviewed-by: Michael Achenbach <machenbach@google.com>
Auto-Submit: Dominik Klemba <tacet@google.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
1 parent 10c761d, commit 8171075
1 file changed
Lines changed: 233 additions & 209 deletions
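The design point of the commit message above is that the JavaScript side becomes a state-free interpreter: every step of the traversal carries its own seed, every size, offset and bit position arrives as an explicit argument, and the payload itself never draws randomness, so a crashing case replays deterministically. The following is an added illustration of that structure, not the Fuzzilli or V8 code from this commit. It runs against a constructed toy heap (an `ArrayBuffer` with an invented object table and an invented read-only region) so it executes outside V8; the names `Step`, `pathArray`, `corruptDataWithBitflip`, `corruptDataWithIncrement` and `corruptFunction` follow the commit message, while the heap layout, the `resolvePath` walk and the `[Step, seed]` semantics are assumptions made for the example.

```javascript
// Added illustration (not the Fuzzilli/V8 code from this commit): a state-free
// corruption interpreter driven entirely by an explicit path array. The heap
// below is a constructed toy model, not V8's object layout.
const Step = Object.freeze({ POINTER: 'pointer', NEIGHBOR: 'neighbor' });

const WORD = 8;                        // toy slot size
const heap = new ArrayBuffer(256);
const view = new DataView(heap);
const READ_ONLY_END = 64;              // toy [0, 64) is "read-only" like V8's RO space
// Toy object table: start offset -> { kind, size in slots } (constructed)
const objects = new Map([
  [0,   { kind: 'string',   size: 2 }], // read-only object
  [64,  { kind: 'object',   size: 4 }],
  [96,  { kind: 'function', size: 3 }],
  [128, { kind: 'array',    size: 4 }],
]);

// Deterministic initial contents so every run starts from the same state.
function resetHeap() {
  new Uint8Array(heap).fill(0);
  view.setBigUint64(64, 96n, true);      // obj.slot0 -> function
  view.setBigUint64(72, 128n, true);     // obj.slot1 -> array
  view.setBigUint64(80, 0n, true);       // obj.slot2 -> read-only string
  view.setBigUint64(96, 0x4141n, true);  // placeholder "code pointer" of the function
  view.setBigUint64(128, 7n, true);      // first slot of the array
}

function objectAt(addr) { return objects.get(addr) || null; }

// Walk the path without any internal randomness. POINTER: follow the slot
// chosen by the seed; NEIGHBOR: step to the next (even seed) or previous
// (odd seed) object. Returns the final address, or null if the walk leaves
// the set of known objects.
function resolvePath(startAddr, pathArray) {
  let addr = startAddr;
  for (const [step, seed] of pathArray) {
    const obj = objectAt(addr);
    if (!obj) return null;
    if (step === Step.POINTER) {
      const target = Number(view.getBigUint64(addr + (seed % obj.size) * WORD, true));
      if (!objectAt(target)) return null;
      addr = target;
    } else if (step === Step.NEIGHBOR) {
      const addrs = [...objects.keys()].sort((a, b) => a - b);
      const j = addrs.indexOf(addr) + (seed % 2 === 0 ? 1 : -1);
      if (j < 0 || j >= addrs.length) return null;
      addr = addrs[j];
    } else {
      throw new Error('unknown step ' + step);
    }
  }
  return addr;
}

// Read-only safety check: never write into the toy RO region or past the buffer.
function isWritable(addr) {
  return addr >= READ_ONLY_END && addr + WORD <= heap.byteLength;
}

// Entry points take pre-computed parameters instead of deriving them from a seed.
function corruptDataWithBitflip(startAddr, pathArray, slotOffset, bit) {
  const addr = resolvePath(startAddr, pathArray);
  if (addr === null) return { applied: false, reason: 'path escaped' };
  const at = addr + slotOffset;
  if (!isWritable(at)) return { applied: false, reason: 'read-only' };
  view.setBigUint64(at, view.getBigUint64(at, true) ^ (1n << BigInt(bit)), true);
  return { applied: true, addr: at };
}

function corruptDataWithIncrement(startAddr, pathArray, slotOffset, delta) {
  const addr = resolvePath(startAddr, pathArray);
  if (addr === null) return { applied: false, reason: 'path escaped' };
  const at = addr + slotOffset;
  if (!isWritable(at)) return { applied: false, reason: 'read-only' };
  view.setBigUint64(at, BigInt.asUintN(64, view.getBigUint64(at, true) + delta), true);
  return { applied: true, addr: at };
}

// Evaluate the whole path first; act only if the final target is a function.
function corruptFunction(startAddr, pathArray, replacement) {
  const addr = resolvePath(startAddr, pathArray);
  const obj = addr === null ? null : objectAt(addr);
  if (!obj || obj.kind !== 'function') return { applied: false, reason: 'not a function' };
  if (!isWritable(addr)) return { applied: false, reason: 'read-only' };
  view.setBigUint64(addr, replacement, true);
  return { applied: true, addr };
}

function readWord(addr) { return view.getBigUint64(addr, true); }
```

Because the interpreter holds no state of its own, the same `pathArray` resolves to the same address on every run after `resetHeap()`, which is what makes a generator-side seed sufficient to reproduce a case; the read-only and kind checks show where the "read-only safety logic" and the "final target is a JSFunction" guard from the commit message sit in such a design.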