fix(macOS 11): prevent UAF crash in WKURLSchemeHandler stop_task

macOS 11 WebKit bug: during WKWebView dealloc, stopAllTasksForPage calls
stop_task with already-freed task pointers. Any access (including the
implicit objc_release from objc2 reference types) causes SIGSEGV.

Fix:
- stop_task: use raw pointers (*mut AnyObject) instead of objc2 references
  to skip automatic retain/release. Body is no-op since task is invalid.
- start_task response handler: explicit drop(webview) before drop(task) to
  ensure correct deallocation order.

Author: x93008

src/wkwebview/class/url_scheme_handler.rs

@@ -286,12 +286,18 @@ extern "C" fn start_task(
                 }))
                 .map_err(|_e| crate::Error::CustomProtocolTaskInvalid)?;
 
-                if WEBVIEW_STATE.read().unwrap().contains_key(webview_id) {
+                let result = if WEBVIEW_STATE.read().unwrap().contains_key(webview_id) {
                   webview.remove_custom_task_key(task_key);
                   Ok(())
                 } else {
                   Err(crate::Error::CustomProtocolTaskInvalid)
-                }
+                };
+
+                // webview must drop before task: if webview drop triggers dealloc →
+                // stopAllTasksForPage → platformStopTask, the task must still be alive.
+                drop(webview);
+                drop(task);
+                result
               }
 
               #[cfg(feature = "tracing")]
@@ -334,8 +340,8 @@ extern "C" fn start_task(
 extern "C" fn stop_task(
   _this: &ProtocolObject<dyn WKURLSchemeHandler>,
   _sel: objc2::runtime::Sel,
-  webview: &WryWebView,
-  task: &ProtocolObject<dyn WKURLSchemeTask>,
+  _webview: *mut AnyObject,
+  _task: *mut AnyObject,
 ) {
-  webview.remove_custom_task_key(task.hash());
+  // no-op: avoid accessing task/webview — macOS 11 may pass freed pointers here
 }