Fix use-after-free in EditorHelp

[mihe]

Fixes #95306.

This adds a zeroing out of the EditorHelp::doc variable after it's been freed, to prevent any use-after-free from happening in places like EditorHelp::remove_class.

While this does fix the issue at hand, there are quite a lot of places in EditorHelp that use this doc variable without checking if it's nullptr first, so I'm not sure if there's a bigger problem lurking here or not.

[akien-mga]

While this does fix the issue at hand, there are quite a lot of places in EditorHelp that use this doc variable without checking if it's nullptr first, so I'm not sure if there's a bigger problem lurking here or not.

doc is only deleted in cleanup_doc which is only called from the EditorNode destructor, so at worst other issues might also be user-after-free or crashes on exit.

I see there's a TODO related to this:

// TODO: this is sometimes used directly as doc->something, other times as EditorHelp::get_doc_data(), which is thread-safe.
// Might this be a problem?
DocTools *EditorHelp::doc = nullptr;

Would probably be worth cleaning this up in the 4.4 cycle.

[akien-mga]

Thanks!