The Vulnerability History Project

Fire overflowchanged events at raf timing

Running script inside layout leads to nasty security bugs and crashes;
instead, we should defer overflowchanged events until raf time. This still
lets the author take an action before the paint, preventing blinking and
jumpiness, which was the reason we ran it inside layout, while avoiding the
pitfalls of synchronous script.

Unfortunately, this patch makes us start firing overflowchanged even when a
node has been removed from the tree, but the old protection against it was
bad since it only checked inDocument(), so removing a node and putting it in
another document would still let the event fire. Instead, I plan to fix the
detach problem in a future patch, since scroll events shouldn't fire for
detached nodes either.

This patch also lets us remove the paused-event-dispatch.html test which
was testing the suspend/resume logic I removed and for crashes that happen
with synchronous script inside layout which doesn't apply after this patch.

BUG=293534,323283
TEST=fast/events/overflowchanged-event-raf-timing.html

Review URL: https://codereview.chromium.org/82843003

git-svn-id: svn://svn.chromium.org/blink/trunk@162655 bbb929c8-8fbe-4397-9dbb-9b2b20218538
commit 5d37b543df5ddecfd6f1d89335f37f29dc86f80d
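The commit message above describes two ideas: dispatching overflowchanged from inside layout lets author script re-enter layout, so dispatch should be deferred to animation-frame time, and an `inDocument()` check alone does not catch a node that was moved into a different document. The following is an added model of that scheduling, not code from the Blink commit or from Blink itself. Every name in it (`FakeNode`, `FakeDocument`, `layout`, `runAnimationFrame`, the coalescing rule that one event carrying the latest state is delivered per node per frame) is a constructed stand-in for illustration; the real engine's classes and checks differ.

```javascript
// Added example (not Blink code): deferring "overflowchanged" from layout to
// animation-frame timing, with dispatch restricted to nodes still attached to
// the dispatching document. All classes here are constructed stand-ins.

class FakeNode {
  constructor(id) {
    this.id = id;
    this.ownerDocument = null; // document the node is currently attached to
    this.listeners = [];
    this.overflowing = false;  // state last computed by "layout"
  }
  addEventListener(fn) { this.listeners.push(fn); }
}

class FakeDocument {
  constructor(name) {
    this.name = name;
    this.nodes = new Set();
    this.pending = new Map();  // node -> latest overflow state, coalesced per frame
  }
  append(node) {
    if (node.ownerDocument) node.ownerDocument.nodes.delete(node);
    node.ownerDocument = this;
    this.nodes.add(node);
  }
  remove(node) {
    this.nodes.delete(node);
    node.ownerDocument = null;
  }
  // Simulated layout: recompute overflow for every node. No listener script
  // runs here; a change is recorded and dispatch is deferred to the frame.
  // A later layout in the same frame simply overwrites the recorded state.
  layout(overflowById) {
    for (const node of this.nodes) {
      const next = Boolean(overflowById[node.id]);
      if (next !== node.overflowing) {
        node.overflowing = next;
        this.pending.set(node, next);
      }
    }
  }
  // Simulated rAF callback: dispatch the deferred events. A node only gets an
  // event if it is still attached to *this* document, so a node moved to
  // another document (which is still "in a document") is skipped.
  runAnimationFrame() {
    const fired = [];
    for (const [node, overflowing] of this.pending) {
      if (node.ownerDocument === this && this.nodes.has(node)) {
        for (const fn of node.listeners) fn({ target: node, overflowing });
        fired.push(node.id);
      }
    }
    this.pending.clear();
    return fired;
  }
}

// Constructed scenario: two nodes change overflow during layout; n1 flips
// back before the frame (coalesced to one event with the latest state) and
// n2 is moved to another document before dispatch (no event from document A).
function scenario() {
  const docA = new FakeDocument('A');
  const docB = new FakeDocument('B');
  const n1 = new FakeNode('n1');
  const n2 = new FakeNode('n2');
  docA.append(n1);
  docA.append(n2);
  const seen = [];
  n1.addEventListener(e => seen.push(`${e.target.id}:${e.overflowing}`));
  n2.addEventListener(e => seen.push(`${e.target.id}:${e.overflowing}`));

  docA.layout({ n1: true, n2: true });   // both start overflowing
  docA.layout({ n1: false, n2: true });  // n1 flips back before the frame
  docB.append(n2);                       // n2 leaves docA before dispatch
  const fired = docA.runAnimationFrame();
  return { fired, seen, pendingLeft: docA.pending.size };
}

console.log(JSON.stringify(scenario()));
```

The point to check when reviewing a change like this is the attachment test at dispatch time: comparing `ownerDocument` against the dispatching document, rather than asking only whether the node is in some document, is what closes the "moved to another document" hole the commit message describes.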