LibWeb: Crash when clicking on a label that contains the input element it is for

[trflynn89]

When a <label> contains the input element it is named for, we get a crash when clicking on the label text itself or the text of the input element.

VERIFICATION FAILED: is<OutputType>(input) at ././AK/TypeCasts.h:48

ak_verification_failed +0x58 (Assertions.cpp:108 => Assertions.cpp:101)
Web::Layout::Label::handle_mousedown_on_label(AK::Badge<Web::Painting::TextPaintable>, Gfx::Point<Web::CSSPixels>, unsigned int) +0x17b (TypeCasts.h:48 => Label.cpp:37)
Web::Painting::TextPaintable::handle_mousedown(AK::Badge<Web::EventHandler>, Gfx::Point<Web::CSSPixels>, unsigned int, unsigned int) [clone .localalias] +0x7a (TextPaintable.cpp:45)
Web::EventHandler::handle_mousedown(Gfx::Point<Web::CSSPixels>, Gfx::Point<Web::CSSPixels>, unsigned int, unsigned int, unsigned int) [clone .localalias] +0x1a7 (EventHandler.cpp:364)
WebContent::ConnectionFromClient::process_next_input_event() +0x645 (ConnectionFromClient.cpp:213 => Variant.h:112 => Variant.h:118 => Variant.h:435 => ConnectionFromClient.cpp:200)

This is seen on e.g. the "Cookie name" field on https://setcookie.net/

Reduction:

<label for="name">
Name
<input id="name" value="value" />
</label>

[trnxdev]

This does not crash if I comment out some lines in Label.cpp (see lines 27-38, Userland/Libraries/LibWeb/Layout/Label.cpp).

void Label::handle_mousedown_on_label(Badge<Painting::TextPaintable>, CSSPixelPoint, unsigned button)
{
    if (button != GUI::MouseButton::Primary)
        return;
   
   if (auto control = dom_node().control(); control && control->paintable()) {
      //auto& labelable_paintable = verify_cast<Painting::LabelablePaintable>(*control->paintable());
      //labelable_paintable.handle_associated_label_mousedown({});
   }

   //m_tracking_mouse = true;
}

However, if I only comment out the m_tracking_mouse line or only the if lines, it still crashes.