Prevent Linux client ability to disobey VFS WORM

This merge request fixes an old bug https://bugzilla.samba.org/show_bug.cgi?id=10430 , solution to which were proposed by my colleague, Mikhail.

The bug stated that it is possible to modify files protected by WORM from linux client after the grace period has come in power.

I ported this patch from 4.7, so ACL-related functions were lost due to the deprecated API but if you support back-porting this patch, I can bring them up to 4.7(in case, it is a security problem).

This is the first time I propose request to samba, so I tried to follow the coding guide as much as possible but feel free to suggest improvements.

The code were mostly formatted with clang-format.

Signed-off-by: Aleksandr Dyadyushkin Dyadyushkin.A@raidix.com