permission: fix some vulnerabilities in fs
Without this patch, any restrictions imposed by the permission model can be easily bypassed, granting full read and write access to any file. On Windows, this could even be used to delete files that are supposed to be write-protected.
This likely also fixes a separate bug in fsPromises.open(), which currently incorrectly requires read permissions even for write-only access. (Unless that was somehow intentional?)
I'm not very confident in my understanding of the permission model. Please review carefully.