webgpu: Fix buffer overflow in BufferManager::Upload causing data corruption (#27948)
### Description
BufferManager::Upload() used NormalizeBufferSize() (16-byte alignment)
to determine both the staging buffer size and the CopyBufferToBuffer
copy size. When the actual data size was not a multiple of 16, the extra
padding bytes in the staging buffer were uninitialized, and
CopyBufferToBuffer would copy those garbage bytes into the destination
GPU buffer beyond the intended range.
This caused data corruption when external code (e.g., onnxruntime-genai)
uploaded partial data to a pre-allocated static GPU buffer using ORT's
CopyTensors API. For example, uploading 24 bytes (3 x int64) of
attention mask data would copy 32 bytes (rounded to 16), writing 8
garbage bytes at position 24-31 of the destination buffer, corrupting
the 4th element.
This manifested as a 'device lost' crash in FlashAttention when running
LLM inference with graph capture enabled and odd prompt lengths (e.g., 1
or 3 tokens), because the corrupted attention mask caused ReduceSum to
produce wrong seqlen_k values, leading to out-of-bounds GPU memory
access.
### Fix:
- Use NormalizeCopySize() (4-byte alignment, the WebGPU minimum for
CopyBufferToBuffer) instead of NormalizeBufferSize() (16-byte alignment)
for both the staging buffer allocation and the copy command.
- Zero any padding bytes between actual size and copy size to prevent
garbage from being written to the destination buffer.
- Apply the same 4-byte alignment fix to MemCpy() for consistency.