
rust/upb: harden extension mut lifetimes#26984

Open
Yenya030 wants to merge 3 commits into protocolbuffers:main from Yenya030:arena-lifetime-hardening

@Yenya030

Problem

rust/upb_kernel/extension.rs used explicit lifetime extension at the Rust/C arena boundary:

let arena_ref: &'msg Arena = std::mem::transmute(msg.get_arena(Private));

This appeared in mutable extension paths and depended on a manual safety contract instead of structural lifetime propagation.

Why This Matters

This is a secure-by-design hardening change for latent lifetime unsoundness risk at an FFI ownership boundary.

  • The previous pattern relied on non-local invariants and reviewer discipline.
  • Plausible refactors could keep code compiling while weakening arena/lifetime coupling.
  • Removing explicit lifetime transmute from these paths reduces the chance of silent UAF-style regressions.

What This PR Changes

  1. Removes explicit lifetime transmute in extension mutable access.
  • rust/upb_kernel/extension.rs
  • Extension mutation now gets pointer + arena through typed internals, not transmute(msg.get_arena(...)).
  2. Threads 'msg lifetime structurally through message mut internals.
  • rust/upb_kernel/message.rs
  • rust/codegen_traits.rs
  • src/google/protobuf/compiler/rust/message.cc
  • Adds/generates MessageMut::as_message_mut_inner(...) -> MessageMutInner<'msg, _> plumbing.
  3. Adds targeted regression coverage for extension mutation paths.
  • rust/test/upb/extension_runtime_smoke_test.rs
  • rust/test/upb/extension_lifetime_regression_test.rs
  • rust/test/upb/BUILD
  4. Fixes smoke-test field-type constant correctness.
  • rust/test/upb/extension_runtime_smoke_test.rs
  • Uses FieldType_String = 9 (instead of 10, which is Group) when encoding the repeated string extension mini descriptor.

Scope / Non-Goals

  • This PR does not claim a currently weaponized exploit on upstream HEAD.
  • Scope is risk reduction: remove explicit unsafe lifetime bypasses in extension mutable paths and add targeted regression coverage.
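Structural lifetime propagation of the kind items 1 and 2 of the description refer to, shown as an added Rust illustration that is not the protobuf project's code: Arena, RawMessage, MsgMut, MsgMutInner and ExtMut below are hypothetical stand-ins for the upb types, and the transmute helper is kept only to contrast the cast-based contract with the typed inner handle that carries 'msg as a field.

```rust
// Added illustration, not the protobuf project's code: a lifetime-extending
// transmute at an arena boundary beside structural propagation of 'msg through
// a typed inner handle. All type and function names here are hypothetical.
use std::cell::RefCell;

/// Raw message storage as the C side sees it: payload pointer plus length.
#[repr(C)]
pub struct RawMessage {
    pub data: *mut u8,
    pub len: usize,
}

/// Toy arena that owns every allocation it hands out, so raw pointers into it
/// are valid exactly until the arena is dropped, like a C arena.
#[derive(Default)]
pub struct Arena {
    bytes: RefCell<Vec<Box<[u8]>>>,
    msgs: RefCell<Vec<Box<RawMessage>>>,
}

impl Arena {
    /// Zeroed byte buffer owned by the arena.
    pub fn alloc_bytes(&self, n: usize) -> *mut u8 {
        let mut b = vec![0u8; n].into_boxed_slice();
        let p = b.as_mut_ptr();
        self.bytes.borrow_mut().push(b);
        p
    }

    /// Message header owned by the arena, pointing at `len` fresh bytes.
    pub fn alloc_message(&self, len: usize) -> *mut RawMessage {
        let mut m = Box::new(RawMessage { data: self.alloc_bytes(len), len });
        let p: *mut RawMessage = &mut *m;
        self.msgs.borrow_mut().push(m);
        p
    }
}

/// The pattern the PR removes: 'msg is asserted by a cast, so nothing ties the
/// returned reference to the message it came from; a caller may even pick
/// 'msg = 'static and the borrow checker accepts it.
pub unsafe fn arena_by_transmute<'a, 'msg>(arena: &'a Arena) -> &'msg Arena {
    // SAFETY (manual, non-local contract): caller promises 'a outlives 'msg.
    unsafe { std::mem::transmute::<&'a Arena, &'msg Arena>(arena) }
}

/// Structural version: pointer and arena travel together, and 'msg is a field
/// lifetime the compiler checks rather than a cast a reviewer checks.
#[derive(Clone, Copy)]
pub struct MsgMutInner<'msg> {
    pub msg: *mut RawMessage,
    pub arena: &'msg Arena,
}

pub struct MsgMut<'msg> { inner: MsgMutInner<'msg> }

impl<'msg> MsgMut<'msg> {
    /// Build a message inside `arena`; the handle cannot outlive the arena.
    pub fn new_in(arena: &'msg Arena, len: usize) -> Self {
        MsgMut { inner: MsgMutInner { msg: arena.alloc_message(len), arena } }
    }

    /// Hand out pointer + arena as one typed value, with no lifetime cast.
    pub fn as_message_mut_inner(&mut self) -> MsgMutInner<'msg> {
        self.inner
    }
}

/// Mutable extension view; 'msg flows in from the message structurally.
pub struct ExtMut<'msg> { inner: MsgMutInner<'msg> }

impl<'msg> ExtMut<'msg> {
    pub fn from_message(m: &mut MsgMut<'msg>) -> Self {
        ExtMut { inner: m.as_message_mut_inner() }
    }

    /// The arena this extension allocates into: the message's own, by type.
    pub fn arena(&self) -> &'msg Arena {
        self.inner.arena
    }

    /// Bounds-checked write into the arena-owned payload.
    pub fn set_byte(&mut self, idx: usize, v: u8) -> bool {
        // SAFETY: `inner.msg` is an arena allocation alive for all of 'msg,
        // and the bounds check keeps the write inside `data`.
        let raw = unsafe { &mut *self.inner.msg };
        if idx >= raw.len { return false; }
        unsafe { *raw.data.add(idx) = v };
        true
    }

    /// Bounds-checked read of the arena-owned payload.
    pub fn get_byte(&self, idx: usize) -> Option<u8> {
        // SAFETY: as in `set_byte`.
        let raw = unsafe { &*self.inner.msg };
        (idx < raw.len).then(|| unsafe { *raw.data.add(idx) })
    }
}
```

With the typed handle, moving an ExtMut out of the block in which its Arena lives is rejected at compile time (error E0597, `arena` does not live long enough), because the handle's 'msg is the arena borrow itself. With arena_by_transmute the same code compiles and the later write dereferences freed arena memory at runtime, which is the "silent UAF-style regression" class the description names; the cast also survives refactors that drop the arena earlier, since no type relates the two lifetimes.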
