Only allow PROT_EXEC for ashmem where required.

tmpfs_domain() macro defines a per-domain type and
allows access for tmpfs-backed files, including ashmem
regions.  execute-related permissions crept into it,
thereby allowing write + execute to ashmem regions for
most domains.  Move the execute permission out of tmpfs_domain()
to app_domain() and specific domains as required.
Drop execmod for now we are not seeing it.

Similarly, execute permission for /dev/ashmem crept into
binder_use() as it was common to many binder using domains.
Move it out of binder_use() to app_domain() and specific domains
as required.

Change-Id: I66f1dcd02932123eea5d0d8aaaa14d1b32f715bb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>