input: Send unique keymap file descriptors to clients

Client may map any file descriptor opened for writing with PROT_WRITE
themselves.  On linux, even a read-only file descriptor to an unlinked
file can be re-opened with write permission through /proc/self/fd.

The only way to prevent this is to create a memfd which
is subsequently write-sealed.  Unfortunately this prevents clients
from mapping with MAP_SHARED, which is already in widespread usage.

To isolate and protect the keymap, whilst allowing MAP_SHARED clients
to continue to work, use a unique file descriptor for each
wl_keyboard resource.

Reviewed-by: Daniel Stone <daniels@collabora.com>