exec-randomization: brk away from exec rand area
    
    This is a fix for the NX emulation patch to force the brk area well
    outside of the exec randomization area to avoid future allocation or brk
    growth collisions. Normally this isn't a problem, except when the text
    region has been loaded from a PIE binary and the CS limit can't be put
    just above bss.
    
    A test-case that will show failures without this patch can be found here:
    http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/kernel-aslr-collisions/explode-brk.c
    
    Signed-off-by: Kees Cook <kees.cook@canonical.com>