Eliminate the last bit of pathname usage.

A lot of work has been done recently to make apply-default-acl safe
from symlink and hardlink attacks. A big part of that work was the
recent switch to using file descriptors instead of pathnames; but,
pathnames still lingered in a few places due to a shortcoming in
libacl. Through the use of a new function, acl_copy_xattr(), I've
finally eliminated those last few bits.

The apply_default_acl_ex() function now uses path names only as
arguments to safe_open(), which hopefully is safe. Afterwards, the
file descriptors obtained from safe_open() are used. Thus the hard and
symlink attacks should finally be fixed, modulo a tiny race condition
between safe_open() and fstat() that has no known solution.

These changes rely on the Linux xattr implementation and kill our
portability, but I don't think we ever had any to begin with.