shmfd/mmap: restrict maxprot with MAP_SHARED + F_SEAL_WRITE

If a write seal is set on a shared mapping, we must exclude VM_PROT_WRITE as
the fd is effectively read-only. This was discovered by running
devel/linux-ltp, which mmap's with acceptable protections specified then
attempts to raise to PROT_READ|PROT_WRITE with mprotect(2), which we
allowed.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D22978