deps: cherry-pick e807d4e379 from SQLite

[junius-sec]

Backport the SQLite session extension fix for malformed changesets that omit
old values for primary-key columns. The upstream fix avoids passing NULL to
sessionBindValue() while applying UPDATE changesets.

This adds a regression test for DatabaseSync#applyChangeset() to verify that
the malformed changeset returns SQLITE_CORRUPT instead of crashing.

Refs: https://sqlite.org/src/info/e807d4e3798efd53
Refs: https://hackerone.com/reports/3736889

Tested on Linux x64:

$ python3 configure.py --without-npm --without-lief
$ make -j16
$ python3 tools/test.py --mode=release test/parallel/test-sqlite-session.js
All tests passed.

[nodejs-github-bot]

Review requested:

• @nodejs/security-wg
• @nodejs/sqlite

[louwers]

We should just stick to the regular SQLite release cadence I think.

[junius-sec]

Thanks for reviewing, @louwers.

I opened this PR because the disclosed HackerOne thread suggested that the
upstream fix could be cherry-picked publicly for the next regular releases and
that opening the PR could allow changelog credit.

If the project prefers to wait for the regular SQLite release cadence instead,
I’m happy to defer to that.

[Renegade334]

I'm agnostic towards merging, but we definitely shouldn't be regression testing on sqlite3's behalf, as it'll cause havoc with shared builds.

[junius-sec]

Agreed, thanks. I pushed an update to skip this regression test when Node is
built with shared SQLite, so it only runs against the bundled SQLite copy that
this PR patches.

If you would prefer not to carry this SQLite regression test in Node at all,
I’m happy to remove it.