gh-146613: Fix re-entrant use-after-free in itertools._grouper

[TheSkyC]

Closes gh-146613

The same pattern was fixed in groupby.__next__ (gh-143543 / a91b5c3), but _grouper_next (the inner group iterator returned by groupby) was missed.

A user-defined __eq__ can re-enter the grouper during PyObject_RichCompareBool, causing Py_XSETREF to free currkey while it is still being used.

Fixed by taking strong references (Py_INCREF / Py_DECREF) to tgtkey and currkey before the comparison, exactly as done in groupby_next.

Added regression test test_grouper_reentrant_eq_does_not_crash.

[bedevere-app]

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

[python-cla-bot]

All commit authors signed the Contributor License Agreement.

[TheSkyC]

Hi @vstinner,
I've addressed your review comments in the latest commit
Thanks for your guidance!

[vstinner]

LGTM.

I confirm that the test does crash without the fix, and does pass successfully with the fix.

[vstinner]

Lint CI job failed with:

  error[: unpinned action reference
    --> .github/workflows/reusable-check-html-ids.yml:19:15
     |
  19 |         uses: actions/checkout@v6
     |               ^^^^^^^^^^^^^^^^^^^ action is not pinned to a hash (required by blanket policy)

It's unrelated to this change. I reported the issue to: #145632 (comment).

[TheSkyC]

Thanks for reporting the issue, @vstinner! Should I update the branch from main to fix it?

[vstinner]

Thanks for reporting the issue, @vstinner! Should I update the branch from main to fix it?

The issue is not fixed yet, so there is no need to update your branch.

[vstinner]

#147968 will fix the Lint CI.