src: fix crash when reading length on Storage.prototype

[3zrv]

Fixes #63514

The following one-liner reliably segfaults:

$ node -e 'globalThis.sessionStorage.setItem.length;globalThis.Storage.prototype.length'
[1]    42883 segmentation fault (core dumped)

Stack trace:

#0  sqlite3LockAndPrepare ()
#1  sqlite3_prepare_v2 ()
#2  node::webstorage::Storage::Length ()
#3  node::webstorage::StorageLengthGetter ()

Root cause

Storage's length accessor is defined on the prototype template:

Local<FunctionTemplate> length_getter =
    FunctionTemplate::New(isolate, StorageLengthGetter);   // no signature
ctor_tmpl->PrototypeTemplate()->SetAccessorProperty(env->length_string(), ...);

Fix

Create the getter's FunctionTemplate with a v8::Signature bound to the Storage constructor template, exactly as the methods do. V8 now rejects an incompatible receiver with a TypeError: Illegal invocation before the C++ callback runs matching browser behavior instead of crashing. Real localStorage/sessionStorage instances are unaffected.