Vladimir Davydov
authored
Runtime tuple formats are reusable, which means that a tuple format returned by runtime_tuple_format_new may not be brand new, but actually be used by a Lua object. As a result, if we call any function that may trigger Lua GC between runtime_tuple_format_new and tuple_format_ref, the tuple format may be deleted, leading to a use-after-free bug. This is what happens in lbox_tuple_format_new. Fix this issue by taking a reference to the format before pushing a cdata object to the Lua stack in lbox_push_tuple_format.

The issue was fixed in the master branch by commit 28ec245d ("lua: fix heap-use-after-free bug in tuple format constructor"). This isn't a clean cherry-pick because the code changed quite a bit.

Closes #8889

NO_DOC=bug fix
NO_TEST=difficult to reproduce, found by ASAN
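The ordering the message describes, as an added C model that is not Tarantool's code: `format_new`, `format_ref`, `push_cdata` and `lua_gc` are stand-ins for the real functions, the shared format is a single cached object, and "deleted" is tracked with a flag instead of freeing memory so the program stays well-defined while still showing why the reference must be taken before anything that can run the Lua GC.

```c
#include <stdbool.h>

/* Constructed model of a reusable runtime tuple format: a refcount plus
 * an "alive" flag standing in for the memory being freed. */
struct fmt {
    int refs;
    bool alive;
};

/* The one cached runtime format that format_new() hands out. */
static struct fmt cache;

/* Model of runtime_tuple_format_new(): returns the shared format and
 * takes NO reference on behalf of the caller. */
static struct fmt *format_new(void) { return &cache; }

static void format_ref(struct fmt *f) { f->refs++; }

/* Model of tuple_format_unref(): last reference deletes the format. */
static void format_unref(struct fmt *f) { if (--f->refs == 0) f->alive = false; }

/* Model of a Lua GC cycle collecting the Lua object that owns a reference. */
static void lua_gc(struct fmt *lua_owned) { format_unref(lua_owned); }

/* Model of pushing a cdata object on the Lua stack: allocating the cdata
 * may trigger a GC cycle, which is the hazard in the original bug. */
static void push_cdata(struct fmt *f, struct fmt *lua_owned) { (void)f; lua_gc(lua_owned); }

/* Both variants start from a format referenced only by one Lua object and
 * return the caller's view after the sequence: -1 if the format was deleted
 * underneath it (use-after-free in real code), otherwise the refcount left. */
int vulnerable_order(void)
{
    cache = (struct fmt){ .refs = 1, .alive = true };
    struct fmt *f = format_new();
    push_cdata(f, &cache);          /* GC drops the last reference: deleted */
    if (!f->alive)
        return -1;                  /* tuple_format_ref(f) would touch freed memory */
    format_ref(f);
    return f->refs;
}

int fixed_order(void)
{
    cache = (struct fmt){ .refs = 1, .alive = true };
    struct fmt *f = format_new();
    format_ref(f);                  /* own a reference before anything that may GC */
    push_cdata(f, &cache);          /* GC drops the Lua object's ref; ours keeps it alive */
    return f->alive ? f->refs : -1;
}
```

The vulnerable sequence reports -1 (the format died between new and ref) and the fixed one reports 1, the single reference the caller now holds.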