xend: Actually restrict a domU's access to xenstore when we mean to --

xend: Actually restrict a domU's access to xenstore when we mean to --
this means that in some cases it cannot be owner of its own xenstore
nodes.

This bug was pointed out by Daniel Berrange at Red Hat. This patch is
my own more generic fix that automatically covers a range of callers
(albeit the patch is arguably a bit of a hack ;-).

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>