Commit 39285e9a authored by Alice Ryhl

ANDROID: rust_binder: split out logic for zero-to-one refcount increment
When userspace tells the kernel to perform a zero-to-one refcount,
userspace promises that such increments are okay, but this promise
requires that the kernel delivers them to the current thread before the
kernel delivers BR_TRANSACTION_COMPLETE. Otherwise, if the increment is
delivered to another thread, then it is possible that userspace could
destroy the object before it sees the increment, which would be a
use-after-free in userspace.

The current implementation may deliver refcount increments to the wrong
thread in cases like the above. This patch introduces enough
tracking to detect such cases, and will trigger a kernel panic if we are
about to trigger the bug.

In the next patch, we will replace the kernel panic with a correct
implementation.

Bug: 333535706
Change-Id: I51d9b87334498d1a166f151acf3dbddb8b3333a0
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
parent 76784ba7
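As an added model of the invariant this commit message describes (not code from the commit or from rust_binder): a small Rust tracker, with constructed ThreadId and NodeId types, that records which thread a zero-to-one increment is owed to, flags an increment about to be queued on any other thread, and flags a TRANSACTION_COMPLETE about to go out while such an increment is still owed. Where the patch panics, the model returns a value so the check can be tested.

```rust
// Constructed model, not rust_binder code: tracks which thread must receive a
// zero-to-one refcount increment and reports delivery to any other thread.
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct ThreadId(pub u32); // hypothetical identifier for a userspace thread

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct NodeId(pub u64); // hypothetical identifier for a binder node

#[derive(Debug, PartialEq, Eq)]
pub enum Delivery {
    /// Increment is going to the thread that promised it (or no promise was pending).
    IncrefsOk,
    /// Increment would reach a different thread first: the bug the patch detects.
    WrongThread { expected: ThreadId, actual: ThreadId },
}

#[derive(Default)]
pub struct Tracker {
    /// Nodes whose zero-to-one increment is owed to a specific thread and not yet delivered.
    pending: HashMap<NodeId, ThreadId>,
    /// Refcounts as userspace will observe them.
    refs: HashMap<NodeId, u32>,
}

impl Tracker {
    /// Userspace on `thread` performs a transaction that creates the first
    /// reference to `node`; the resulting increment is owed to that same thread.
    pub fn begin_zero_to_one(&mut self, node: NodeId, thread: ThreadId) {
        self.pending.insert(node, thread);
    }

    /// The kernel is about to queue BR_INCREFS for `node` on `thread`.
    pub fn deliver_increfs(&mut self, node: NodeId, thread: ThreadId) -> Delivery {
        match self.pending.get(&node) {
            Some(&expected) if expected != thread => Delivery::WrongThread { expected, actual: thread },
            _ => {
                self.pending.remove(&node);
                *self.refs.entry(node).or_insert(0) += 1;
                Delivery::IncrefsOk
            }
        }
    }

    /// The kernel is about to queue BR_TRANSACTION_COMPLETE on `thread`; every
    /// zero-to-one increment owed to that thread must already have been delivered.
    pub fn transaction_complete(&self, thread: ThreadId) -> Result<(), Vec<NodeId>> {
        let owed: Vec<NodeId> = self.pending.iter().filter(|(_, &t)| t == thread).map(|(&n, _)| n).collect();
        if owed.is_empty() { Ok(()) } else { Err(owed) }
    }
}
```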