gh-106092: Fix use-after-free crash in frame_dealloc (#106875)

It was possible for the trashcan to delay the deallocation of a
PyFrameObject until after its corresponding _PyInterpreterFrame has
already been freed.  So frame_dealloc needs to avoid dereferencing the
f_frame pointer unless it first checks that the pointer still points
to the interpreter frame within the frame object.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>