Fix API safety for control-flow awaitables like until when used from tangentially related fibers

[ImmutableOctet]

We currently have a safety issue where calls to until and co. from nested lambdas references the outer Script object, rather than the generated ChildScript for a sub-thread.

i.e. for something like:

start_thread([&]() -> ScriptFiber { co_await until<OnButtonPressed>(); print("Unsafe usage of `until`."); });

we reference the parent thread's until member-function, but co_await the result in the sub-thread, making the generated awaitable reference the wrong script object and fiber. This gives unintended behavior as well as hitting a few asserts.

The ideal behavior here would be to have things just work™, but if that ends up being too difficult we could always assert early to prevent unwanted side effects.

My working idea to fix this would be to go with the OS thread's currently running Script instance, rather than using self in until's implementation. This isn't an ideal solution, as self would not actually have its usual meaning, but it would probably fix the issue.

NOTE: It should actually be safe to reference the parent thread from a sub-thread, since the parent should outlive it, but the awaitable's script reference is still an issue here.