Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
isn't tested in make test).
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
(cherry picked from commit
e2eb914cb986e28e412863553010795bff8ac3e1)