Bug 247536

Recently both subtyping and recursive types were added for Wasm GC support. There are a few cases of interactions between these two features that don't quite work as intended. In particular, when the parent type of a `sub` declaration is a recursive type, the display-based subtyping check and also the structural subtyping check between type definitions can crash due to assertion failures.

Example test cases (can be added to `JSTests/wasm/gc/sub.js`):

```
  // This type-checks in the reference interpreter.
  instantiate(`
    (module
      (rec (type (func (result (ref 0)))))
      (rec (type (sub 0 (func (result (ref 1))))))
      (type (sub 1 (func (result (ref 1))))) ;; parent is a recursive subtype, whose parent is also a recursive type

      (func (result (ref null 0))
        (ref.null 2))
    )
  `);
```

Another example is from the Wasm GC spec tests:

```
  // This fails because during the structural type-check between a `sub` clause and its
  // parent, the parent is not a projection (because the recursion group has not been
  // created at that point), but then the recursive references cannot be resolved correctly.
  // This requires the structural type-check to bring in the entire recursion group and
  // expanding parent references if needed, or some variation on that strategy.
  instantiate(`
    (module
      (rec
        (type $t1 (func (param i32 (ref $t3))))
        (type $t2 (sub $t1 (func (param i32 (ref $t2)))))
        (type $t3 (sub $t2 (func (param i32 (ref $t1)))))
      )

      (func $f1 (param $r (ref $t1))
        (call $f1 (local.get $r)))
    )
  `);
```

The problems all seem to stem from `sub` clause parent references needing to point to the projection to the whole recursion group (and this also needs to be factored in for creating the displays for fast subtype checks).