NaCl: Add sanity check for number of open FDs at startup
This is primarily for Non-SFI NaCl, where leaking FDs would be a
security hole. For SFI NaCl, this is just for defence in depth.
I've put the check just before enabling the seccomp-bpf sandbox. This
guards against creation of unusual FDs, e.g. via epoll_create(), which
might happen even after enabling the SUID sandbox (which mostly disables
open()).
BUG=358719
TEST=browser_tests
Review URL: https://codereview.chromium.org/
276443003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@271583 0039d316-1c4b-4281-b951-d872f2087c98