Fixed Array.prototype.join() when array is changed while iterating.

Fixed Array.prototype.join() when array is changed while iterating.

Previously, the function used optimization for ordinary arrays with no
gaps (so called fast arrays).  For a fast array code took elements
directly from internal flat C array. The direct pointer may become
invalid as side-effect of custom toString() method for an element.

Specifically, the pointer was passed directly to
njs_value_to_primitive() which attempts to call toString() followed by
valueOf().  When the array size is changed as a side-effect of
toString() and not a string value is returned by toString() the pointer
becomes invalid and is passed to valueOf() which causes use-after-free.

The fix is to eliminate the micro-optimization which uses direct pointers.

Found by PolyGlot fuzzing framework.

This closes #444 issue on Github.