gh-149146: Add dealloc-depth counter fallback to trashcan trigger

[bhuvi27]

Fixes #149146.

while True: b = (b, None) under RLIMIT_AS segfaults during cleanup:

b = 9
while True:
    b = (b, None)

Docker with ulimit -v 524288: MemoryError → lost sys.stderr → segfault, exit 139.

The trashcan deposit in _Py_Dealloc only fires when _Py_RecursionLimit_GetMargin(tstate) < 2, which compares the stack pointer against c_stack_soft_limit. Under RLIMIT_AS the kernel SIGSEGVs trying to grow the stack while SP is still nowhere near the soft limit — issue #150722 has an LLDB trace from the same reporter showing SP ~7 MB above c_stack_hard_limit at the fault. So the trashcan never deposits and the recursive tuple_dealloc → Py_XDECREF → _Py_Dealloc → tuple_dealloc chain just runs into the wall.

This adds a per-thread c_dealloc_depth counter and uses it as a secondary trigger inside _Py_Dealloc, depositing at depth 50 (matches the old _PyTrash_UNWIND_LEVEL). The stack-pointer margin stays the primary signal; the counter only kicks in when SP can't.

One thing I missed on the first pass: the drain side has the same problem. margin >= 4 is also true in this scenario, so every _Py_Dealloc exit would re-enter _PyTrash_thread_destroy_chain from inside the deallocator it just called. Fix: destroy_chain bumps the counter for the duration of the drain (same idea as the old delete_nesting), and the drain check in _Py_Dealloc becomes just c_dealloc_depth == 0. Counter is only touched for GC types so non-GC types pay nothing.

Tests: new test_trashcan_nested_tuple_deep in test_gc.py (100k nested tuples, must clean up without crash); test_gc test_exceptions test_capi all green locally. Docker repro now exits 1 with MemoryError instead of 139 with Segmentation fault.

#150722 is the same SP-signal blindness in the comparison path (Py_EnterRecursiveCall) — separate code path, separate PR.

[vstinner]

IMO the existing _Py_RecursionLimit_GetMargin() mechanism based on tstate->c_stack_hard_limit is already quite complex. I would prefer to not add a second mechanism (tstate->c_dealloc_depth).

#define _Py_DEALLOC_DEPTH_LIMIT 50 sounds very low to me. Currently, it's possible to deallocate way longer chains with no problem.

Issue gh-149146 is really a corner case: when the OS fails to enlarge the stack because the system memory is exhausted.

IMO we should do nothing for this case.

[vstinner]

I don't think that this approach is correct (see my previous comment).

[bedevere-app]

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

And if you don't make the requested changes, you will be poked with soft cushions!

[vstinner]

cc @markshannon