layer_shell: cleanup output link on output destroy

Fixes this kind of use-after-free:
==1795==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000191ef0 at pc 0x00000048c388 bp 0x7ffe308f0410 sp 0x7ffe308f0400
WRITE of size 8 at 0x612000191ef0 thread T0
    #0 0x48c387 in wl_list_remove ../common/list.c:157
    swaywm#1 0x42196b in handle_destroy ../sway/desktop/layer_shell.c:275
    swaywm#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    swaywm#3 0x7f55cc22cf68 in layer_surface_destroy ../types/wlr_layer_shell.c:182
    swaywm#4 0x7f55cc22d084 in layer_surface_resource_destroy ../types/wlr_layer_shell.c:196
    swaywm#5 0x7f55cc4ca025 in destroy_resource src/wayland-server.c:688
    swaywm#6 0x7f55cc4ca091 in wl_resource_destroy src/wayland-server.c:705
    swaywm#7 0x7f55cc22c3a2 in resource_handle_destroy ../types/wlr_layer_shell.c:18
    swaywm#8 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    swaywm#9 0x7f55c8ef09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    swaywm#10 0x7f55cc4cdf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    swaywm#11 0x7f55cc4ca3de in wl_client_connection_data src/wayland-server.c:420
    swaywm#12 0x7f55cc4cbf01 in wl_event_loop_dispatch src/event-loop.c:641
    swaywm#13 0x7f55cc4ca601 in wl_display_run src/wayland-server.c:1260
    swaywm#14 0x40bb1e in server_run ../sway/server.c:141
    swaywm#15 0x40ab2f in main ../sway/main.c:432
    swaywm#16 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
    swaywm#17 0x408d29 in _start (/opt/wayland/bin/sway+0x408d29)

0x612000191ef0 is located 48 bytes inside of 312-byte region [0x612000191ec0,0x612000191ff8)
freed by thread T0 here:
    #0 0x7f55ce3bb880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    swaywm#1 0x42f1db in handle_destroy ../sway/desktop/output.c:1275
    swaywm#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    swaywm#3 0x7f55cc23b4c2 in wlr_output_destroy ../types/wlr_output.c:284
    swaywm#4 0x7f55cc1ddc20 in xdg_toplevel_handle_close ../backend/wayland/output.c:235
    swaywm#5 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)

previously allocated by thread T0 here:
    #0 0x7f55ce3bbe50 in calloc (/lib64/libasan.so.5+0xeee50)
    swaywm#1 0x42f401 in handle_new_output ../sway/desktop/output.c:1308
    swaywm#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    swaywm#3 0x7f55cc1d6cbf in new_output_reemit ../backend/multi/backend.c:113
    swaywm#4 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    swaywm#5 0x7f55cc1deac7 in wlr_wl_output_create ../backend/wayland/output.c:327
    swaywm#6 0x7f55cc1db353 in backend_start ../backend/wayland/backend.c:55
    swaywm#7 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    swaywm#8 0x7f55cc1d67a0 in multi_backend_start ../backend/multi/backend.c:24
    swaywm#9 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    swaywm#10 0x40ba8a in server_run ../sway/server.c:136
    swaywm#11 0x40ab2f in main ../sway/main.c:432
    swaywm#12 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308

Author: martinetd

sway/desktop/layer_shell.c

@@ -219,6 +219,8 @@ static void handle_output_destroy(struct wl_listener *listener, void *data) {
 	struct sway_layer_surface *sway_layer =
 		wl_container_of(listener, sway_layer, output_destroy);
 	wl_list_remove(&sway_layer->output_destroy.link);
+	wl_list_remove(&sway_layer->link);
+	wl_list_init(&sway_layer->link);
 	sway_layer->layer_surface->output = NULL;
 	wlr_layer_surface_close(sway_layer->layer_surface);
 }