GHSA-3whq-64q2-qfj6

### Summary
Using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects.

A contract search was performed and no vulnerable contracts were found in production. In particular, the `raw_args` variant of `create_from_blueprint` was not found to be used in production.

### Details
It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack: https://github.com/vyperlang/vyper/blob/cedf7087e68e67c7bfbd47ae95dcb16b81ad2e02/vyper/builtins/functions.py#L1847

As such, it can be evaluated multiple times (instead of retrieving the value from the stack).

### PoC
The vulnerability is demonstrated in the following `boa` test:
``` vyper
src1 = """
c: uint256
"""
deployer = """
created_address: public(address)
deployed: public(uint256)

@external
def get() -> Bytes[32]:
self.deployed += 1
return b''

@external
def create_(target: address):
self.created_address = create_from_blueprint(target, raw_call(self, method_id("get()"), max_outsize=32), raw_args=True, code_offset=3)
"""

Factory = b.loads_partial(src1)
c = Factory.deploy_as_blueprint()

c2 = b.loads(deployer, b'')
c2.create_(c)
c2.deployed()
```
The output of `c2.deployed()` is `2` although `create_` was called only once and the value was initialized to `0`.

### Patches
Patched in https://github.com/vyperlang/vyper/pull/3976.

### Impact
No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is `low`.