LibWeb: Don't crash in offset_parent() if no ancestor element found

The specification says the final step of this algorithm is to return
null. Previously, the browser would crash if the content of an iframe
was appended to the document before its offsetParent property was
queried.

Tests/LibWeb/Text/expected/Element-offsetParent-of-iframe.txt

@@ -0,0 +1 @@
+iframe offsetParent value: null

Tests/LibWeb/Text/input/Element-offsetParent-of-iframe.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<script src="include.js"></script>
+<script>
+    function offsetParentOfChildDocument() {
+        const frameDocument = document.querySelector("iframe").contentDocument;
+        const frameRoot = frameDocument.documentElement;
+        document.documentElement.append(frameRoot);
+        document.dispatchEvent(new CustomEvent("offsetParentCalled", { detail: { iframeOffsetParent: frameRoot.offsetParent }}));
+    }
+
+    asyncTest(done => {
+        document.addEventListener("offsetParentCalled", event => {
+            println(`iframe offsetParent value: ${event.detail.iframeOffsetParent}`);
+            done();
+        });
+    });
+</script>
+<iframe srcdoc="
+<script>
+    window.parent.offsetParentOfChildDocument();
+</script>
+">

Userland/Libraries/LibWeb/HTML/HTMLElement.cpp

@@ -205,7 +205,8 @@ JS::GCPtr<DOM::Element> HTMLElement::offset_parent() const
             return const_cast<Element*>(ancestor);
     }
 
-    VERIFY_NOT_REACHED();
+    // 3. Return null.
+    return nullptr;
 }
 
 // https://www.w3.org/TR/cssom-view-1/#dom-htmlelement-offsettop