Restrict /dev/mem and /dev/kmem when securelevel is set.

Restrict /dev/mem and /dev/kmem when securelevel is set.

Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
[bwh: Forward-ported to 4.9: adjust context]

Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch