Crash when pointer leaves a Wayland surface with a MetaWaylandPointerConstraint

When the pointer leaves a Wayland surface with a MetaWaylandPointerConstraint (e.g. due a bug that currently wrongly places all constraints at an origin of 0,0) this triggers a crash, because meta_wayland_pointer_constraint_remove() ends up getting called twice for the same constraint. One call happens via pointer_constraints_focus() and the other via pointer_focus_surface_changed(). The order these seems to vary. For the second call data in surface_remove_pointer_constraints would be NULL if there are no other constraints and otherwise the second call to meta_wayland_pointer_constraint_destroy() would be on an already destroyed object.

This can be reproduced using the weston-constraints demo app:

1. Make sure the primary monitor is the top/left one
2. Run weston-constraints
3. Make sure the window is placed on the top/left but does not overlap the panel (move with super+click if necessary)
4. Click in the window once to trigger a constraint to the surface
5. Move cursor onto the panel (which works due to the bug causing all constraints to be placed at 0,0)

Maybe this can also be triggered without the wrong origin bug if the shell opens a notification over a constrained window, but I've not managed to test this yet.

(To get proper backtraces when debugging this, mutter needs to be compiled --buildtype=debug, otherwise a lot of intermediate calls are missing, resulting in a rather confusing backtraces going directly from sync_focus_surface() to g_object_unref().)