Deferring side effecting code in `_Py_Dealloc()`

[markshannon]

Currently _Py_Dealloc() can call arbitrary code, and since _Py_Dealloc() can be called by any Py_DECREF() is means that Py_DECREF() can call arbitrary code. Py_DECREF() is everywhere, so it impairs our ability to reason about about the behavior of code.
This problem is not as severe as #97922, but is still worth fixing, especially as it will impair our ability to optimize traces for 3.12.

We can either make a Py_SAFE_DECREF() to be used internally, or change Py_DECREF() to defer all potentially side-effecting deallocation functions.

It is not clear which is the best option. Changing Py_DECREF() is simple, and certainly easy to reason about, but might delay deallocation of extension module objects for too long.