    base: Create file mappings with reduced access control permissions. · 4b12c0a1
    erikchen authored
    A newly created file mapping has two sets of permissions. It has access control
    permissions (WRITE_DAC, WRITE_OWNER, READ_CONTROL, and DELETE) and file
    permissions (FILE_MAP_READ, FILE_MAP_WRITE, etc.). ::DuplicateHandle() with the
    parameter DUPLICATE_SAME_ACCESS copies both sets of permissions.
    
    The Chrome sandbox prevents HANDLEs with the WRITE_DAC permission from being
    duplicated into unprivileged processes. But the only way to copy file
    permissions is with the parameter DUPLICATE_SAME_ACCESS. This means that there
    is no way for a privileged process to duplicate a file mapping into an
    unprivileged process while maintaining the previous file permissions.
    
    This CL removes all access control permissions of a file mapping immediately
    after creation, which effectively means that ::DuplicateHandle() only copies
    the file permissions.
    
    These permissions are only enforced if the file mapping has a name, so this
    CL also gives all file mappings a name.
    
    BUG=493414
    
    Review URL: https://codereview.chromium.org/1677163003
    
    Cr-Commit-Position: refs/heads/master@{#376358}
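The handle-rights split the message describes, as an added PowerShell illustration that is not Chromium's code: a named file mapping is created, duplicated once with DUPLICATE_SAME_ACCESS and once with an explicit mask holding only file permissions, and each handle is probed with GetSecurityInfo, which requires the READ_CONTROL access-control right. The mapping name and the Test-HasAccessControlRights helper are constructed for this demo; it assumes a Windows host.

```powershell
# Added illustration (not Chromium's code) of access-control rights versus
# file permissions on a file-mapping handle. Run on Windows.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CreateFileMapping(IntPtr hFile, IntPtr lpAttributes,
    uint flProtect, uint dwMaximumSizeHigh, uint dwMaximumSizeLow, string lpName);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool DuplicateHandle(IntPtr hSourceProcess, IntPtr hSource,
    IntPtr hTargetProcess, out IntPtr lpTarget, uint dwDesiredAccess,
    bool bInheritHandle, uint dwOptions);
[DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
[DllImport("kernel32.dll", SetLastError = true)] public static extern bool CloseHandle(IntPtr h);
[DllImport("advapi32.dll")]
public static extern uint GetSecurityInfo(IntPtr handle, int objectType, uint secInfo,
    IntPtr owner, IntPtr group, IntPtr dacl, IntPtr sacl, out IntPtr secDesc);
[DllImport("kernel32.dll")] public static extern IntPtr LocalFree(IntPtr hMem);
'@

$INVALID_HANDLE_VALUE = [IntPtr](-1)
$PAGE_READWRITE = 0x04
$FILE_MAP_READ = 0x4; $FILE_MAP_WRITE = 0x2; $SECTION_QUERY = 0x1
$DUPLICATE_SAME_ACCESS = 0x2
$SE_KERNEL_OBJECT = 6; $DACL_SECURITY_INFORMATION = 0x4
$ERROR_SUCCESS = 0; $ERROR_ACCESS_DENIED = 5

# Constructed helper: reading the DACL needs READ_CONTROL, an access-control
# right. A handle that carries only FILE_MAP_* permissions is refused.
function Test-HasAccessControlRights([IntPtr]$Handle) {
    $sd = [IntPtr]::Zero
    $rc = [Demo.Native]::GetSecurityInfo($Handle, $SE_KERNEL_OBJECT,
        $DACL_SECURITY_INFORMATION, [IntPtr]::Zero, [IntPtr]::Zero,
        [IntPtr]::Zero, [IntPtr]::Zero, [ref]$sd)
    if ($sd -ne [IntPtr]::Zero) { [void][Demo.Native]::LocalFree($sd) }
    if ($rc -eq $ERROR_SUCCESS) { return $true }
    if ($rc -eq $ERROR_ACCESS_DENIED) { return $false }
    throw "GetSecurityInfo failed with Win32 error $rc"
}

$name = "Local\demo-reduced-mapping-$PID"   # constructed name; the mapping is named as in the CL
$full = [Demo.Native]::CreateFileMapping($INVALID_HANDLE_VALUE, [IntPtr]::Zero,
    $PAGE_READWRITE, 0, 4096, $name)
if ($full -eq [IntPtr]::Zero) { throw "CreateFileMapping failed" }

$me = [Demo.Native]::GetCurrentProcess()
$same = [IntPtr]::Zero; $reduced = [IntPtr]::Zero
# DUPLICATE_SAME_ACCESS copies every right, WRITE_DAC and READ_CONTROL included.
[void][Demo.Native]::DuplicateHandle($me, $full, $me, [ref]$same, 0, $false, $DUPLICATE_SAME_ACCESS)
# An explicit mask keeps only the file permissions on the new handle.
[void][Demo.Native]::DuplicateHandle($me, $full, $me, [ref]$reduced,
    ($FILE_MAP_READ -bor $FILE_MAP_WRITE -bor $SECTION_QUERY), $false, 0)

"creator handle has access-control rights: $(Test-HasAccessControlRights $full)"
"SAME_ACCESS duplicate:                    $(Test-HasAccessControlRights $same)"
"explicit-mask duplicate:                  $(Test-HasAccessControlRights $reduced)"
foreach ($h in $full, $same, $reduced) { [void][Demo.Native]::CloseHandle($h) }
```

The third probe is the one that matters for the sandbox: a handle produced with an explicit mask no longer carries the access-control rights that the DUPLICATE_SAME_ACCESS copy retains.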