QuickJS: fixed Buffer.from() and encoding error paths
Freed the typed array constructor object after reading constructor.name
while detecting Float32Array in Buffer.from(). This keeps the exception
path from leaking the constructor object.
Handled JS_ToCString() failure for constructor.name before comparing the
name, avoiding a NULL dereference when the property converts to an
exception, such as a Symbol value.
Divided the source offset by the element size in qjs_buffer_from()
typed-array path so the offset addresses the right element for 2-, 4-,
and 8-byte element types (previously the offset was left in byte units
while size was already in element units).
Added a NULL check on JS_ToCStringLen() in qjs_buffer_encoding(), and
moved the JS_FreeCString() call after the JS_ThrowTypeError() so the
encoding name remains valid while the error message is formatted.
Routed array source errors in qjs_buffer_from_object() through a single
fail label so the destination buffer is freed once on every failure path
(previously leaked on three of them).