MoonBit fixes

[vigoo]

The primary goal of this PR is to fix a use-after-free bug I've discovered that happens in some nested cases. Reproducer test case included.

In details:

The Instruction::Return codegen emitted cleanup code (calling mbt_ffi_free) before using return operands. When return operands contained inline expressions that load from return_area or other freed memory (e.g. mbt_ffi_load32(return_area + 0)), the generated code would free the memory first and then read from it.

The fix binds all return operands to local variables before running cleanup, so the values are captured before any memory is freed.

Similarly, finish_block was calling mbt_ffi_free immediately on cleanup addresses instead of deferring them to the cleanup list, causing the same class of issue. Fixed to use cleanup_list.push(...) consistently.

A runtime test (tests/runtime/list-in-variant/) is included that exercises this pattern.

These problems were causing crashes for me while working on a MoonBit SDK for Golem.

Once the tests fixed, there were a couple of things in the existing moonbit test runner to fix (due to compiler updates - using the latest 0.8.2:

• fixed-length list support were not implemented
• one of the async tests that were expected to fail no longer failed
• compiler CLI flags changed