Fix potential race conditions when executing commitHooks

Summary:
Recently we saw use-after-free race condition where the ImageFetcher object was being destroyed while still registered as a UIManagerCommitHook.

The crash occurred in std::vector::size() at line 635 when accessing corrupted memory.
The root cause could be improper lifecycle management between ImageFetcher destruction and commit hook execution.

The fix here modifies UIManager::shadowTreeWillCommit() to create a stable snapshot by copying the commitHooks_ vector while holding the lock.

Changelog: [Internal]

Differential Revision: D82846245

Author: christophpurrer

packages/react-native/ReactCommon/react/renderer/uimanager/UIManager.cpp

@@ -615,10 +615,14 @@ RootShadowNode::Unshared UIManager::shadowTreeWillCommit(
     const ShadowTree::CommitOptions& commitOptions) const {
   TraceSection s("UIManager::shadowTreeWillCommit");
 
-  std::shared_lock lock(commitHookMutex_);
+  std::vector<UIManagerCommitHook*> commitHooks;
+  {
+    std::shared_lock lock(commitHookMutex_);
+    std::swap(commitHooks, commitHooks_);
+  }
 
   auto resultRootShadowNode = newRootShadowNode;
-  for (auto* commitHook : commitHooks_) {
+  for (auto* commitHook : commitHooks) {
     resultRootShadowNode = commitHook->shadowTreeWillCommit(
         shadowTree, oldRootShadowNode, resultRootShadowNode, commitOptions);
   }