Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.

If checkreqprot == 1, SELinux only checks the protection flags passed
by the application, even if the kernel internally adds PROT_EXEC for
READ_IMPLIES_EXEC personality flags.  Switch to checkreqprot == 0
to check the final protection flags applied by the kernel.

Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>