Fix race condition in MemMap::MapAnonymous.

Previously we were using MAP_FIXED which introduced a serious race
condition if MAP_32BIT was set since it would possibly overwrite
an existing map at the address which we determined was free with
msync. There was a window of time after we had msynced a page where
another thread could map something at that page. The new method
avoids using MAP_FIXED and unmaps allocations which succeed but
aren't in the low 4GB when MAP_32BIT is set.

Bug: 15338094
Bug: 14974497
Change-Id: I57f00baf4143e9fa17fb1d4c2be04b30705a2bfd