Determine if serializing blobs is safe for use in Layout Builder

@tim.plunkett I reviewed the module and couldn't find any security issues specifically related to serialization. When you use a serialized column the unserialization/serialization happens before a user gets or sets the value of a field, which means that object injection is not possible by setting the value of the field to a serialized string. That said, I discovered follow up items we should address in new issues:

1. Add a DataType normalizer for layout_section - when accessing (GET-ing) a LayoutSectionItem via REST today, you see a list of Section objects but each is empty. These should show components with their configuration.
2. Add REST test coverage for what GET/PATCH/POST looks like with LayoutSectionItem fields.
3. Consider using JSON instead of storing serialized data - this could make REST easier to support, and if each Section ultimately stores an array of block plugin configuration, which is also an array, JSON seems like a good fit. This would also resolve any security weariness.

I've created #2942975: [PP-1] Expose Layout Builder data to REST and JSON:API and #2942976: Add REST test coverage for Layout Builder, which cover points one and two from comment #3.

I don't think we should file an issue for #3.3 until we start work on a Normalizer - if we find that supporting the current storage format is too complicated, we can look at moving to JSON.

There is a todo in core pointing towards this issue.

@jibran Great catch, thanks!

Committed and pushed b5d11aeac5 to 8.6.x and fcd1465565 to 8.5.x. Thanks!