Fix potential race conditions when executing commitHooks (#53862)

Summary:

Recently we saw `use-after-free race condition` where the ImageFetcher object was being destroyed while still registered as a UIManagerCommitHook.

The crash occurred in `std::vector::size()` at line 635 when accessing corrupted memory.
The root cause could be improper lifecycle management between ImageFetcher destruction and commit hook execution.

The fix here modifies `UIManager::shadowTreeWillCommit()` to create a stable snapshot by copying the commitHooks_ vector while holding the lock.

## Reason
- If a thread is iterating over `commitHooks_` with a `shared_lock`, and another thread acquires a `unique_lock` to modify the vector (add/remove), the iterator in the first thread can become invalid, leading to a crash (use-after-free or out-of-bounds).
- This can happen if the lock is not held for the entire duration of the read or write, or if the lock is not correctly used everywhere commitHooks_ is accessed.

Changelog: [Internal]

Differential Revision: D82846245

Author: christophpurrer

packages/react-native/ReactCommon/react/renderer/uimanager/UIManager.cpp

@@ -615,10 +615,14 @@ RootShadowNode::Unshared UIManager::shadowTreeWillCommit(
     const ShadowTree::CommitOptions& commitOptions) const {
   TraceSection s("UIManager::shadowTreeWillCommit");
 
-  std::shared_lock lock(commitHookMutex_);
+  std::vector<UIManagerCommitHook*> commitHooks;
+  {
+    std::shared_lock lock(commitHookMutex_);
+    commitHooks = commitHooks_;
+  }
 
   auto resultRootShadowNode = newRootShadowNode;
-  for (auto* commitHook : commitHooks_) {
+  for (auto* commitHook : commitHooks) {
     resultRootShadowNode = commitHook->shadowTreeWillCommit(
         shadowTree, oldRootShadowNode, resultRootShadowNode, commitOptions);
   }