security: high-priority kernel memory fixes (Round 2)

security: high-priority kernel memory fixes (Round 2)

A03: POSIX fd mode checks for read/write syscalls
- read: reject O_WRONLY fds (except char devices)
- write: reject O_RDONLY fds (except char devices)
- Fix pipe fd flags: read=O_RDONLY, write=O_WRONLY
- Fix socket fd flags: O_RDWR (bidirectional)

A06: POSIX permission checks for kill signals
- process_kill: sender must be root or same uid
- process_kill_pgrp: skip processes not owned by sender

SYSENTER: validate user ESP before dereferencing
- If ECX points into kernel space, zero args and return -EFAULT
- Prevents kernel data leak via malicious ESP

AIO/Socket: kernel bounce buffers for SMAP safety
- AIO read/write: copy_from_user/copy_to_user via kmalloc buffer
- Socket send/recv/sendto/recvfrom: same bounce buffer pattern
- Max bounce size 4096 bytes

vDSO: fix tick_hz mismatch
- Use TIMER_HZ (100) instead of hardcoded 50
- Add timer.h include

fulltest: fix fd open modes for POSIX compliance
- All O_CREAT|O_TRUNC opens now include O_WRONLY
- O_APPEND open includes O_WRONLY
- Overlay test opens with O_RDWR
- dup2 redirect test opens with O_RDWR
- tmpfs append test opens with O_RDWR

Tests: 116/116 smoke, 142/142 battery, 111/111 host, cppcheck clean