Fix uninitialized memory disclosure in WASM CropAndResize #8730

Open
Alearner12 wants to merge 1 commit into tensorflow:master from Alearner12:fix-wasm-cropandresize
@Alearner12

WASM CropAndResize: handle invalid boxInd outputs deterministically

Summary

This updates the WASM CropAndResize kernel to handle out-of-range boxInd
values deterministically. When a crop references an invalid batch index, the
kernel now zero-fills that crop's output slice, advances the boxInd pointer,
and skips the geometric transform for that crop.

This keeps invalid-index handling local to the crop being processed. Valid crop
entries continue to use the existing interpolation path unchanged.

Bug

The WASM kernel previously skipped positive out-of-range boxInd values without
writing the corresponding output slice:

if (*box_ind_buf >= batch) {
  continue;
}

It also did not reject negative boxInd values before using the value in an
offset calculation. This could leave the output tensor in a backend-dependent
state for invalid indices, and made the WASM behavior less predictable than the
rest of the op's validation model.

There is a second correctness issue in the early-continue path: because the
kernel manually walks box_ind_buf, returning before incrementing that pointer
can desynchronize later crops from their intended batch indices.

Fix

  • Reject both negative and positive out-of-range boxInd values.
  • Zero-fill the whole output slice for the invalid crop.
  • Advance box_ind_buf before continuing so later crops stay synchronized.
  • Cast the validated batch index to size_t only after the bounds check.

Test

Adds a WASM backend regression test that calls tf.image.cropAndResize() with
two invalid indices (999 and -1) and verifies that the full output is
deterministically zero-filled.

The test covers both sides of the invalid range:

  • 999 verifies positive out-of-range handling.
  • -1 verifies negative indices are rejected before conversion to size_t.
  • Two invalid entries in the same call verify that box_ind_buf stays
    synchronized across crops.
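
The skip-without-write behaviour and the four fix bullets from the description above, modelled side by side as an added example that is not part of the pull request or the TensorFlow.js code base. The function names, the `kStale` sentinel standing in for uninitialized output memory, and the `fill_crop` stand-in for interpolation are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr float kStale = -1234.0f;  // constructed stand-in for uninitialized output memory

// Hypothetical stand-in for the interpolation step: fill the crop with the image's first value.
static void fill_crop(const float* image, float* slice, size_t crop_elems) {
  std::fill(slice, slice + crop_elems, image[0]);
}

// "Before" loop as the description presents it: no negative check, and the early
// continue neither writes the slice nor advances box_ind_buf. Not fed negatives here.
void crop_loop_before(const float* images, int32_t batch, size_t image_elems,
                      const int32_t* box_ind_buf, size_t num_boxes, float* out, size_t crop_elems) {
  for (size_t b = 0; b < num_boxes; ++b) {
    if (*box_ind_buf >= batch) {
      continue;  // slice b keeps whatever the buffer already held
    }
    fill_crop(images + *box_ind_buf * image_elems, out + b * crop_elems, crop_elems);
    ++box_ind_buf;
  }
}

// "After" loop following the four fix bullets.
void crop_loop_after(const float* images, int32_t batch, size_t image_elems,
                     const int32_t* box_ind_buf, size_t num_boxes, float* out, size_t crop_elems) {
  for (size_t b = 0; b < num_boxes; ++b) {
    float* slice = out + b * crop_elems;
    const int32_t ind = *box_ind_buf;
    ++box_ind_buf;                                 // advance before any continue
    if (ind < 0 || ind >= batch) {                 // reject both sides of the range
      std::fill(slice, slice + crop_elems, 0.0f);  // zero-fill the whole slice
      continue;
    }
    const size_t image_index = static_cast<size_t>(ind);  // cast only after the check
    fill_crop(images + image_index * image_elems, slice, crop_elems);
  }
}

// Runs one loop over a constructed 2-image batch with a stale output buffer.
std::vector<float> run(bool fixed, const std::vector<int32_t>& box_ind) {
  const std::vector<float> images = {10.f, 11.f, 20.f, 21.f};  // batch = 2, 2 elements each
  std::vector<float> out(box_ind.size() * 3, kStale);          // 3 elements per crop
  auto loop = fixed ? crop_loop_after : crop_loop_before;
  loop(images.data(), 2, 2, box_ind.data(), box_ind.size(), out.data(), 3);
  return out;
}
```

With `box_ind = {999, 1, 0}` the "before" model leaves every slice at `kStale`, because the pointer never moves past the first invalid entry; with `{999, 1, -1}` the "after" model zero-fills the first and last slices and fills the middle one from image 1.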
