Fix SplObjectStorage getHash() guard leaking across a bailout

[iliaal]

The getHash() recursion guard bumps a request-persistent counter around the userland getHash() call but only decrements it on the normal return. A bailout inside an overridden getHash() (out of memory, timeout, any fatal) skips the decrement, and nothing resets the counter per request, so on a persistent SAPI every later request on the same worker wrongly throws "Modification of SplObjectStorage during getHash() is prohibited". Decrement inside a zend_catch and re-raise the bailout so the counter is balanced on every exit.

class P extends SplObjectStorage {
    public function getHash($o): string {
        ini_set('memory_limit', '2M');
        str_repeat('a', 100 * 1024 * 1024); // OOM bailout
        return 'x';
    }
}
(new P())->offsetSet(new stdClass());           // request 1 bails out
(new SplObjectStorage())->offsetSet(new stdClass()); // later request, no override: throws before the patch

[iliaal]

Submitted upstream as php#22308.