Fix race condition in MemMap::MapAnonymous.

Previously we were using MAP_FIXED which introduced a serious race
condition if MAP_32BIT was set since it would possibly overwrite
an existing map at the address which we determined was free with
msync. There was a window of time after we had msynced a page where
another thread could map something at that page. The new method
avoids using MAP_FIXED and unmaps allocations which succeed but
aren't in the low 4GB when MAP_32BIT is set.

Bug: 15338094
Bug: 14974497

(cherry picked from commit c355a2a7)

Change-Id: I292a74dbf2ef5ddfb8d0524ae8bc1efbcbd106c8