
Fix crash in smbd deferred open code

Fix for bug https://bugzilla.samba.org/show_bug.cgi?id=14672. Reporter confirms that the patchset fixes the problem on his test system.

The heart of the fix is making sure we don't leave a dangling pointer in poll_open_done() when freeing the sharemode watch subreq. We have a copy of that pointer we just freed in open_rec->watch_req and the open retry timer function accesses this pointer to free the watch_req, which will either crash or do things much worse, like freeing a completely random talloc object (seen crashes caused by this on another system).

Edited by Ralph Böhme
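
The failure mode described above, as an added toy model that is not Samba's code and not the patch itself: a completion handler frees a request while a second copy of the pointer stays in a record, and a later timer frees through that copy. Only the field name `watch_req` comes from the description; `obj`, `pool`, `watch_done`, `retry_timer` and `unrelated_survives` are hypothetical, and a slot-reusing pool stands in for the heap so the effect is observable without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy allocator (constructed): freed slots are reused, as heap chunks are. */
struct obj { bool live; };
static struct obj pool[4];

static struct obj *obj_new(void)
{
    for (int i = 0; i < 4; i++) {
        if (!pool[i].live) { pool[i].live = true; return &pool[i]; }
    }
    return NULL;
}

static void obj_free(struct obj *o) { if (o != NULL) o->live = false; }

/* Hypothetical stand-in for the deferred-open record and its pointer copy. */
struct open_rec { struct obj *watch_req; };

/* Completion handler: frees the subreq; the fixed variant clears the copy too. */
static void watch_done(struct open_rec *rec, struct obj *subreq, bool fixed)
{
    obj_free(subreq);
    if (fixed) rec->watch_req = NULL;
}

/* Retry timer: frees whatever the record still points at. */
static void retry_timer(struct open_rec *rec)
{
    obj_free(rec->watch_req);
    rec->watch_req = NULL;
}

/* Returns true if an unrelated allocation is still live after the timer ran. */
static bool unrelated_survives(bool fixed)
{
    for (int i = 0; i < 4; i++) pool[i].live = false;
    struct open_rec rec = { .watch_req = obj_new() };
    watch_done(&rec, rec.watch_req, fixed);
    struct obj *other = obj_new();   /* lands in the slot just freed */
    retry_timer(&rec);               /* stale copy frees `other` when !fixed */
    return other != NULL && other->live;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", unrelated_survives(false), unrelated_survives(true));
    return 0;
}
```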
