Linux: landlock can be disabled thanks to missing cred_transfer hook; and Smack looks dodgy too

https://bugs.chromium.org/p/project-zero/issues/detail?id=2566

This is CVE-2024-42318

@buherator@infosec.place great find! luckily I don't think Smack is used very often on Linux, so hopefully the impact is minimal though, but that's a bit of an oversight in landlock

I wonder if we could potentially change the behaviour of the LSM subsystem here so the security of the module doesn't depend on correctly implementing a bunch of subtly differing hook stages... but I'm pretty clueless on LSM internals so maybe that would be hard
