LibWeb: Allow splitting surrogate pairs in CharacterData.replaceData()

We're expected to handle this situation gracefully, and certainly not
by falling apart like we were.

Found by Domato.

Tests/LibWeb/Text/expected/DOM/CharacterData-replaceData-break-surrogate-pair.txt

@@ -0,0 +1,5 @@
+Before replaceData:
+[0]: 53997
+[1]: 56998
+After replaceData:
+[0]: 56998

Tests/LibWeb/Text/input/DOM/CharacterData-replaceData-break-surrogate-pair.html

@@ -0,0 +1,16 @@
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const str = '\uD2ED\uDEA6';
+        let t = document.createTextNode(str);
+        println("Before replaceData:");
+        for (let i = 0; i < t.length; ++i) {
+            println("[" + i + "]: " + t.data.charCodeAt(i));
+        }
+        t.replaceData(0, 1, '')
+        println("After replaceData:");
+        for (let i = 0; i < t.length; ++i) {
+            println("[" + i + "]: " + t.data.charCodeAt(i));
+        }
+    });
+</script>

Userland/Libraries/LibWeb/DOM/CharacterData.cpp

@@ -87,9 +87,9 @@ WebIDL::ExceptionOr<void> CharacterData::replace_data(size_t offset, size_t coun
     // 6. Let delete offset be offset + data’s length.
     // 7. Starting from delete offset code units, remove count code units from node’s data.
     StringBuilder builder;
-    builder.append(MUST(utf16_view.substring_view(0, offset).to_utf8()));
+    builder.append(MUST(utf16_view.substring_view(0, offset).to_utf8(Utf16View::AllowInvalidCodeUnits::Yes)));
     builder.append(data);
-    builder.append(MUST(utf16_view.substring_view(offset + count).to_utf8()));
+    builder.append(MUST(utf16_view.substring_view(offset + count).to_utf8(Utf16View::AllowInvalidCodeUnits::Yes)));
     m_data = MUST(builder.to_string());
 
     // 8. For each live range whose start node is node and start offset is greater than offset but less than or equal to offset plus count, set its start offset to offset.