mseal: Replace can_modify_mm_madv with a vma variant

mseal: Replace can_modify_mm_madv with a vma variant

Replace can_modify_mm_madv() with a single vma variant, and associated
checks in madvise.

While we're at it, also invert the order of checks in:
 if (unlikely(is_ro_anon(vma) && !can_modify_vma(vma))

Checking if we can modify the vma itself (through vm_flags) is
certainly cheaper than is_ro_anon() due to arch_vma_access_permitted()
looking at e.g pkeys registers (with extra branches) in some
architectures.

This patch allows for partial madvise success when finding a sealed VMA,
which historically has been allowed in Linux.

Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>