lib: implement safe alternatives to `Promise` static methods

Alternative to https://github.com/nodejs/node/pull/38843, but restricted to the changes related to the ESM implementation since it's easier to get consensus regarding whether we want tamperproofness on that part of the code base. /cc @nodejs/modules @nodejs/loaders

Promise static methods that iterate over the provided argument (%Promise.all%, %Promise.any%, ...) look up the then property over each promise to support promise subclassing. This PR is introducing SafePromiseAll, SafePromiseAny, etc. that take an array, safely iterate over it, and wrap each promise in a SafePromise (whose prototype is not accessible from userland) and wrap the resulting SafePromise in a classic Promise to make the operation transparent from userland.