Previously, if a grant was unmapped and it was backed by a file
descriptor, the kernel would call close_sync() on that file descriptor
within `Grant::unmap{,_inactive}`. This is obviously not a good thing,
as some callers such as UserScheme::unmap could benefit from closing
asynchronously.

However, the biggest problem is that when reaping, calling fexec() or
exiting a context, it will unmap every grant and thus close the file
descriptors. But empty() requires a write lock, which means that if
closing would require a scheme to be called, then it would context
switch with a context lock held. This means... kernel deadlock!

The solution is to let the caller of Grant::unmap{,_inactive} close the
file descriptor, and in the empty() case, to also temporarily release
the lock while closing, and then re-acquire it shortly afterwards.