MFC jail: Handle a possible race between jail_remove(2) and fork(2)

jail_remove(2) includes a loop that sends SIGKILL to all processes
in a jail, but skips processes in PRS_NEW state. Thus it is possible
the a process in mid-fork(2) during jail removal can survive the jail
being removed.

Add a prison flag PR_REMOVE, which is checked before the new process
returns. If the jail is being removed, the process will then exit.
Also check this flag in jail_attach(2) which has a similar issue.

Approved by: so
Security: CVE-2020-25581
Security: FreeBSD-SA-21:04.jail_remove
Reported by: mjg
Approved by: kib

(cherry picked from commit cc7b73065302005ebc4a19503188c8d6d5eb923d)
(cherry picked from commit f7007a7d05255a6859dea0982b1f0a6d695e8881)