object: Keep proper track of pending closure invalidations
When a closure is invalidated during garbage collection, we can't free it immediately because you can't stop tracing JS objects in the middle of garbage collections. Instead we defer the free to an idle handler. Previously, we kept track of the idle handler ID inside the closure's ConnectData structure. However, it was possible for an idle handler to be scheduled and the closure subsequently freed when the GObject itself was freed. That meant that when the JS wrapper object was finalized, there was no way to access the idle handler ID to remove it, so the idle handler would still run, which meant use-after-free and occasionally a crash.

This patch keeps track of pending idle handler IDs inside the JS wrapper object's private structure, instead of the ConnectData structure, so that all pending handlers are definitely removed when the JS wrapper object is finalized.

https://bugzilla.gnome.org/show_bug.cgi?id=783935
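The ownership change the commit describes, as an added illustration that is not gjs's or GLib's code: a constructed stand-in idle queue plays the role of the main loop, `WrapperPriv` and `ConnectData` are hypothetical structs, and the point is that the wrapper's finalizer, which owns the pending IDs, can cancel every deferred free before it runs.

```c
#include <stdlib.h>

/* Constructed stand-in for the GLib main-loop idle queue (not GLib's code). */
#define MAX_IDLE 16
typedef void (*idle_fn)(void *);
static struct { unsigned id; idle_fn fn; void *data; } idle_q[MAX_IDLE];
static unsigned next_idle_id = 1;

static unsigned idle_add(idle_fn fn, void *data) {
    for (int i = 0; i < MAX_IDLE; i++)
        if (idle_q[i].id == 0) {
            idle_q[i].id = next_idle_id; idle_q[i].fn = fn; idle_q[i].data = data;
            return next_idle_id++;
        }
    abort();  /* queue full: never expected in this model */
}
/* Cancel a pending handler; returns its data so the owner can free it. */
static void *idle_remove(unsigned id) {
    for (int i = 0; i < MAX_IDLE; i++)
        if (idle_q[i].id == id) { idle_q[i].id = 0; return idle_q[i].data; }
    return NULL;
}
static void idle_run_all(void) {
    for (int i = 0; i < MAX_IDLE; i++)
        if (idle_q[i].id) { idle_q[i].id = 0; idle_q[i].fn(idle_q[i].data); }
}

/* Hypothetical wrapper private data: owns every pending idle ID (the fix). */
#define MAX_PENDING 8
typedef struct { unsigned pending[MAX_PENDING]; int n_pending; } WrapperPriv;
/* Hypothetical ConnectData: the closure bookkeeping being torn down. */
typedef struct { WrapperPriv *owner; } ConnectData;

static int handlers_run;
static void deferred_free(void *data) { handlers_run++; free(data); }

/* Closure invalidated mid-GC: defer the free, record the ID on the wrapper. */
static void closure_invalidated(ConnectData *cd) {
    WrapperPriv *priv = cd->owner;
    if (priv->n_pending == MAX_PENDING) abort();
    priv->pending[priv->n_pending++] = idle_add(deferred_free, cd);
}
/* Wrapper finalize: cancel and free every pending handler before it can run. */
static void wrapper_finalize(WrapperPriv *priv) {
    for (int i = 0; i < priv->n_pending; i++) free(idle_remove(priv->pending[i]));
    priv->n_pending = 0;
}
/* Returns how many deferred handlers ran: 0 when the wrapper is finalized first. */
static int run_scenario(int finalize_before_idle) {
    WrapperPriv priv = {{0}, 0};
    ConnectData *cd = malloc(sizeof *cd);
    cd->owner = &priv; handlers_run = 0;
    closure_invalidated(cd);
    if (finalize_before_idle) wrapper_finalize(&priv);
    idle_run_all();
    return handlers_run;
}
```

With `finalize_before_idle` set, no handler fires on memory the finalizer already freed; without it, the normal path runs the one deferred free.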
parent 04334392