Avoid creating zero-length textframes when trying to handle ::first-letter.
This fixes the fuzzer-found assertion reported in bug 1899840, as well as the real-world
website hangs reported in bug 1900169.
In addition, it adds a pref (layout.css.intrinsic-size-first-letter.enabled) that gates
the new functionality during intrinsic size computation. This gives us a way to easily
disable it in the event of other regressions showing up.
Also add the testcase from 1899840 as a wpt crashtest.
Differential Revision: https://phabricator.services.mozilla.com/D212699
bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=385615
gecko-commit: e07ecd4899ee9406d886013103e64a2e4da17b1b
gecko-reviewers: dholbert