Bug 313950

AVFoundation's `VoiceDatabaseClient.startCacheInvalidation()` now posts `AVSpeechSynthesisAvailableVoicesDidChangeNotification` from a background Swift concurrency cooperative thread rather than the main thread. `-[WebSpeechSynthesisWrapper availableVoicesDidChange]` dereferences its `WeakPtr<PlatformSpeechSynthesizer>` directly in the notification handler, tripping the `WeakPtr` threading assertion (`ASSERT_WITH_SECURITY_IMPLICATION(canSafelyBeUsed())`) and crashing the UI process. Stack trace: ``` Thread 18 Crashed:: Dispatch queue: com.apple.root.default-qos.cooperative: 0 JavaScriptCore: WTFCrashWithSecurityImplication 1 WebCore: WTF::WeakPtr<WebCore::PlatformSpeechSynthesizer>::get() const 2 WebCore: -[WebSpeechSynthesisWrapper availableVoicesDidChange] 3 CoreFoundation: __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ 4 CoreFoundation: ___CFXRegistrationPost_block_invoke 5 CoreFoundation: _CFXRegistrationPost 6 CoreFoundation: _CFXNotificationPost 7 Foundation: -[NSNotificationCenter postNotificationName:object:userInfo:] 8 TextToSpeech: closure #1 in VoiceDatabaseClient.startCacheInvalidation() 9 libswift_Concurrency.dylib: completeTaskWithClosure(swift::AsyncContext*, swift::SwiftError*) ``` The regression is an AVFoundation behavior change, not a WebKit commit regression.