
Commit 9044d3e

Make some parts of _zend_mm_heap read-only at runtime.
As [presented at OffensiveCon 2024](https://youtu.be/dqKFHjcK9hM?t=1622), having trivially callable writeable function pointers at the top of the heap makes it straightforward to turn a limited write into an arbitrary code execution. Disabling ZEND_MM_HEAP by default isn't doable, as it's used by a couple of profilers, so we're making some parts of `_zend_mm_heap` read-only at runtime instead: this will prevent the custom heap function pointers from being hijacked, as well as the custom storage ones. We don't put the shadow_key there, since it has a performance impact, and an attacker able to precisely overwrite it is likely already able to read it anyway.
1 parent 72c8746 commit 9044d3e

3 files changed: +122 -66 lines


0 commit comments
